Tor browser Bitcointalk members read this

[dkbit98]

If you are using Tor browser for browsing Bitcointalk forum or even for Bitcoin related services like ChipMixer better read following information.

1. Tor is under heavy censorship by Russian government since December 1, Roskomnadzor is blocking access to Tor and there are plans to totally ban Tor in future.
Urgent action is needed by community to prevent this by running a Tor bridge, and this is very important because 15% of all Tor users are Russians:
https://blog.torproject.org/tor-censorship-in-russia/

2. Actor with code-name KAX17 is potentially performing de-anonymization attacks against Tor Users, and this is probably operated by someone with huge amount of funds, and money printing machine (read gov.).
KAX17 is active since 2017 and he is using large amount of servers with cloud hosts like Microsoft, and he is probably not the same as malicious actor BTCMITM20 who is stealing Bitcoin with address hijack and replacement.
This actor was running relays in all positions of a tor circuit, and his email address was involved in mailing list discussions related with malicious tor relays.
You can read detailed report in medium post written by nusenu or watch this 9 minute long video if you prefer watching more than reading:
archive: https://archive.md/AB4Ax

[1715117595]

1715117595

[1715117595]

1715117595

[1715117595]

1715117595

[lovesmayfamilis]

Recently, Roskomnadzor has blocked several VPN services, determining the blocking that these services violate the laws of the Russian Federation.
Today, the site of the TOR browser was blocked.
Also, before that, Roskomnadzor blocked 15 VPN services.

Hola! VPN
ExpressVPN
KeepSolid VPN Unlimited
Nord VPN
Speedify VPN
IPVanish VPN
VyprVPN
Opera VPN
ProtonVPN
Betternet
Lantern
X-VPN
Cloudflare WARP
Tachyon VPN
PrivateTunnel

https://www.comss.ru/page.php?id=9914


And as "the icing on the cake" today we see the news about the TOR  blocking.
It seems that thinking about your anonymity and privacy while living in Russia is becoming a pipe dream.

[tranthidung]

Not good news.

It is how freedom is broken in such countries: China, Russia, Democratic People's Republic of Korea (DPRK), Cuba, Vietnam. They are controlled by communist parties which claim to be parties for people but unfortunately what they say and what they do are totally different.

Communities always find ways to get out of government control. They can not win against power of community and collective brain of community.

[DdmrDdmr]

Related to this, today I came across the following Reddit entry, which was referenced on a local crypto media article:
https://www.reddit.com/r/Bitcoin/comments/rag3gy/dont_use_tor_for_bitcoin/

There, it describes how some people are seemingly reporting having their BTCs stolen when using a Mixer, although if we read through the post, the issue is really using clearweb https services, reached through an http request (i.e. type the domain name and expect the site to redirect you to the https). The hackers avoids the redirect from happening, and all traffic ends-up going through http, thus allowing him to change displayed deposit BTC addresses for example.

I’d say that nothing of the kind though can happen if you are using a correct native tor address, but maybe someone can chip-in on this.

This is what seems to be the main motivation for BTCMITM20, as detailed in the referenced in the Medium post linked in the OP, although the scope is potentially wider in terms of deanonymizing it seems.

[Welsh]

Doesn't attempt to deanonymize Tor users happen almost everyday? But i wouldn't worry too much since the attack usually exploit human mistake or target specific people.

Probably goes on a lot more than we would care to admit. Since, anyone who wants to run a exit node, could potentially sniff out data from its users. Although, considering the amount of Tor exit nodes, this rather chance based, and the likelihood of the malicious user achieving their goals against specific people is rather slim.

I do like the initiative though. If we want freedom, and the freedom to be anonymous, since there are definitely reasons to want to remain anonymous for legitimate reasons, mostly from web hosts collecting your data, run a node if possible. Just like Bitcoin, the more nodes we have the more secure the network is.

[dkbit98]

Doesn't attempt to deanonymize Tor users happen almost everyday? But i wouldn't worry too much since the attack usually exploit human mistake or target specific people.

If you read the blog post I posted you will see that it's not just usual everyday deanonymization but much bigger scale operation happening recently, especially if we couple that with Russia trying to totally ban Tor.

Recently, Roskomnadzor has blocked several VPN services, determining the blocking that these services violate the laws of the Russian Federation.
Today, the site of the TOR browser was blocked.

Proton VPN and Nord VPN are also on that list and they are one of the bigger VPN services, so my question is how many VPN services now actually work in Russia and is there a way to work around this ban?

It is how freedom is broken in such countries: China, Russia, Democratic People's Republic of Korea (DPRK), Cuba, Vietnam. They are controlled by communist parties which claim to be parties for people but unfortunately what they say and what they do are totally different.

Sadly it's not just the case in those countries (Russia is not communist anymore btw ) and I think that global dictatorship is rising in all countries around the world.
We the people are majority and we can fight this tyranny together, but most people are probably busy looking at their screens and living their virtual lives :/

This is what seems to be the main motivation for BTCMITM20, as detailed in the referenced in the Medium post linked in the OP, although the scope is potentially wider in terms of deanonymizing it seems.

I think that few months ago Chipmixer was attacked with similar tactics of address replacement but this was on clear net if I remember correctly.
BTCMITM20 is driven by profit with stealing coins from people, but KAX17 is not related with that and this actor is only looking to mass deanonymize tor users and he is burning a lot of money in that process.

I do like the initiative though. If we want freedom, and the freedom to be anonymous, since there are definitely reasons to want to remain anonymous for legitimate reasons, mostly from web hosts collecting your data, run a node if possible. Just like Bitcoin, the more nodes we have the more secure the network is.

Yeah, only solution to fight this attacks is if more people run their Tor nodes and bridges, so that bigger numbers win.

[dkbit98]

Actually i did read the blog. But it's not first attack on such big scale, for example
1. It's known FBI throw millions dollar to deanonymize Tor.
2. BTCMITM20 is known for stealing Bitcoin, but it's possible deanonymization is their other goal.

Yes I understand what you are saying, but like I said all this is now combined with countries starting to ban Tor all together.
If Russia manages to do this than I am sure that other countries will follow soon, just like China banned bitcoin mining and now Sweden, Norway and EU are planning to do the same.

[lovesmayfamilis]

Proton VPN and Nord VPN are also on that list and they are one of the bigger VPN services, so my question is how many VPN services now actually work in Russia and is there a way to work around this ban?

It is not necessary to use VPN. There are long-lived elite proxy servers, as well as sosks5, which can be run through Proxifier or any other program that supports traffic tunneling.
In terms of cost, proxy servers are sometimes more expensive than VPNs, but they can be tied to only one user.

[dkbit98]

It is not necessary to use VPN. There are long-lived elite proxy servers, as well as sosks5, which can be run through Proxifier or any other program that supports traffic tunneling.
In terms of cost, proxy servers are sometimes more expensive than VPNs, but they can be tied to only one user.

I never tried that and I am not sure if that is even legal in Russia, but they can ban that just like they banned VPNs, heck they can even ban Bitcoin and everything else.
There is a plan for people to own nothing and be happy, so I would not be surprised with something like this happening.
Not sure how people from China are going around their Great Firewall, and maybe we should learn from their example.

[LoyceV]

Urgent action is needed by community to prevent this by running a Tor bridge

I thought Tor bridges basically mean Tor users connect through my own Tor connection on my own IP address, but it turns out this too can run on a VPS.

We currently have approximately 1,200 bridges, 900 of which support the obfs4 obfuscation protocol. Unfortunately, these numbers have been decreasing since the beginning of this year. It's not enough to have many bridges: eventually, all of them could find themselves in block lists. We therefore need a constant trickle of new bridges that aren't blocked anywhere yet. This is where we need your help.

So the way I understand it, it's just a cat and mouse game between new Tor bridges and banning servers? I assume a government official from a country that doesn't like Tor can just connect to Tor through a Tor bridge, and instantly blacklist any connection he gets, right? So the entire Bridge system relies on government bureaucracy being slow and inefficient and take a while before it bans new servers?

Recently, Roskomnadzor has blocked several VPN services, determining the blocking that these services violate the laws of the Russian Federation.

Can you run your own OpenVPN instead? I've installed it for testing, and it worked fine. All you need is a cheap VPS to install it. Unless they start blocking VPSses too, but that would mean they have to block most of the internet.
I've seen them from as low as $2 per year, but $4 per year gets you enough RAM to run the software (and an average of 4 GB per day traffic).