klzgrad / naiveproxy

Make a fortune quietly
BSD 3-Clause "New" or "Revised" License

Tor through a naive proxy? #156

Closed peterflo closed 3 years ago

peterflo commented 3 years ago

Hello! Is it possible to proxy TOR traffic through naiveproxy? Or is naiveproxy just for proxying browser traffic? I am currently using v2ray with the (sniffing) option disabled to hide the traffic of Tor and other applications from the ISP.

klzgrad commented 3 years ago

You can, but I'm not sure why you want to use it in this way.

peterflo commented 3 years ago

> You can, but I'm not sure why you want to use it in this way.

Thanks, I'll try to explain why I want to use this method ...

Working as a journalist in a highly censored country, I have to hide the use of TOR when working in an aggressive environment, where the time of my connection to the TOR network can correlate with my nickname on the anonymous network. While obfs4 bridges are not currently blocked, they are not immune to attacks and are not always stable when the TOR network is blocked.

I used to use TOR over VPN but ended up switching to v2ray due to the easier and faster setup. Another reason not to use a VPN to hide TOR is because there is a lot of information on the internet that it is open to fingerprinting, etc. Although I have not found scientific articles on how to classify TOR traffic in a VPN tunnel... But I think it is possible, and decided to play it safe by giving up this technology.

So, after I found your project, before using naiveproxy directly, I decided to ask you as a developer: is naiveproxy suitable for hiding Tor traffic from an ISP?

klzgrad commented 3 years ago

Do you want circumvention via Tor or do you want to access the onion network within Tor? For the former you'd be better off creating a private tunnel or VPN without Tor. For the latter,

V2ray and naiveproxy are equally suitable for hiding generic traffic class from an ISP, but that's not a high bar. All an ISP can do is throttle your bandwidth. V2ray, naiveproxy, other stuff coming out of China are usually designed for usability, availability for the mass, and performance of high throughput low latency traffic, and less well designed for individual anonymity and security. Like, they are all prone to timing analysis attacks because to counter timing analysis it is necessary to sacrifice network performance. For journalism work the typical adversary is a nation-state, which is much more resourceful than an ISP so the bar for security is higher. But indeed usability is also important for journalists.

I would agree it is okay to start with V2ray with http/2 multiplexing or naiveproxy (imperfect but with okay usability), and then try out more security-oriented tools.

darhwa commented 3 years ago

@peterflo If you are extremely concerned about security, you can use Tor through obfs4 through naiveproxy.

peterflo commented 3 years ago

> Do you want circumvention via Tor or do you want to access the onion network within Tor? For the former you'd be better off creating a private tunnel or VPN without Tor. For the latter,

I mean connecting to Tor in front of the proxy:

User → Tor → naiveproxy (v2ray) → Internet

To connect to the tor network through a proxy.

> @peterflo If you are extremely concerned about security, you can use Tor through obfs4 through naiveproxy.

It's impossible. Bridges don't always work, both free and private. Obfs4 has long been blocked in a number of countries such as China, Iran and others. This is not the best way to get around Tor blocking. Not to mention safety.

> For journalism work the typical adversary is a nation-state, which is much more resourceful than an ISP so the bar for security is higher.

Yes, I agree with you. When I talk about hiding traffic from ISPs, I mean the nation state. For me they are one and the same, they are interconnected.

> I would agree it is okay to start with V2ray with http/2 multiplexing or naiveproxy (imperfect but with okay usability), and then try out more security-oriented tools.

Which more security oriented tools do you mean?

> Like, they are all prone to timing analysis attacks because to counter timing analysis it is necessary to sacrifice network performance.

Yes, but it doesn't always matter how the tunnel is disguised. What matters is how well the traffic / information is hidden inside the tunnel itself. For example, vpn does not handle this very well. There is a scientific article about determining VoIP traffic inside a vpn: https://www.aimspress.com/article/id/5390. What prevents you from detecting traffic from other applications? Or is it a problem of the apps themselves rather than the VPN?


In fact, the main reason for using naiveproxy or v2ray in my case is connecting to the tor network through a proxy.

Why do I need it?

1) Bypass Tor network blocking
2) Hide traces of using the Tor network

What will I get from this?

1) I think everything is clear here
2) I hide the use of the TOR network. Here's an example: an activist connects to the tor network to work in the messenger. There are two possible options, when the activist knows the interlocutor, and in the second - no. But in both cases, the interlocutor does not know who the activist is. Let's say the interlocutor can be an intruder, what does he know? - He knows that the activist uses the messenger on the tor network, as well as the time of the activist's activity in the chat. It can compare the activity time in the messenger with the connection time to the tor network. Most likely, it will be deanonymization. I understand this is a timing attack?

I leave out many other possible deanonymization attacks and the like. They are not suitable for this topic. So, as I said above, with arguments. Actually, I have a few basic questions. Does naiveproxy/v2ray hide TOR network usage? Is it better than vpn? Are there any other security tools to hide TOR traffic?

If I am wrong in my beliefs, please correct me. Also, if my words are unclear, then I can rephrase. Thanks.

darhwa commented 3 years ago

> It's impossible. Bridges don't always work, both free and private. Obfs4 has long been blocked in a number of countries such as China, Iran and others. This is not the best way to get around Tor blocking. Not to mention safety.

Configure both obfs4 bridge(s) and Socks5Proxy in your torrc or TorBrowser settings page, then it will 1) connect to some bridge through the socks5 proxy and 2) connect to Tor peers through the bridge. That's what I meant by "Tor through obfs4 through naiveproxy". If your remote proxy server could access Tor network, it can also connect to obfs4 bridges.

In terms of hiding traffic characteristics, obfs4 provides both packet length and timing obfuscation, naiveproxy has some trivial packet length obfuscation, and v2ray has nothing. So you know which one provides the most security.
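The torrc layout described in the comment above (obfs4 bridges plus `Socks5Proxy`), with a small audit that flags a configuration that would bypass either layer. This is an added example, not code from the thread or the naiveproxy project; the bridge address, fingerprint and cert are placeholders, and the naiveproxy client listening on `socks://127.0.0.1:1080` is an assumption.

```python
import ipaddress

# Constructed sample torrc: bridge address, fingerprint and cert are placeholders.
SAMPLE_TORRC = """\
UseBridges 1
ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy
Bridge obfs4 192.0.2.10:443 <FINGERPRINT> cert=<CERT> iat-mode=1
# Assumed: the local naiveproxy client listens on socks://127.0.0.1:1080
Socks5Proxy 127.0.0.1:1080
"""

def parse_torrc(text):
    """Return (option, value) pairs; option names are matched case-insensitively."""
    pairs = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)  # drop comments, split on whitespace
        if parts:
            pairs.append((parts[0].lower(), parts[1].strip() if len(parts) > 1 else ""))
    return pairs

def first_word(value):
    words = value.split()
    return words[0].lower() if words else ""

def audit_torrc(text):
    """List the reasons this torrc is not Tor -> obfs4 bridge -> local SOCKS5 proxy."""
    pairs = parse_torrc(text)
    values = lambda key: [v for k, v in pairs if k == key]
    findings = []
    if values("usebridges") != ["1"]:
        findings.append("UseBridges is not 1, so Bridge lines are not used")
    bridges = values("bridge")
    if not bridges:
        findings.append("no Bridge line configured")
    if any(first_word(b) != "obfs4" for b in bridges):
        findings.append("a Bridge line does not use the obfs4 transport")
    if not any("obfs4" in first_word(v).split(",") for v in values("clienttransportplugin")):
        findings.append("no ClientTransportPlugin line provides obfs4")
    proxies = values("socks5proxy")
    host = proxies[0].rpartition(":")[0].strip("[]") if len(proxies) == 1 else ""
    try:
        loopback = ipaddress.ip_address(host).is_loopback
    except ValueError:  # empty, hostname, or malformed address
        loopback = False
    if not loopback:
        findings.append("Socks5Proxy is not set to a single loopback address")
    return findings
```

An empty list from `audit_torrc` means every bridge connection is configured to leave the machine through the local proxy listener rather than directly.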

peterflo commented 3 years ago

> Configure both obfs4 bridge(s) and Socks5Proxy in your torrc or TorBrowser settings page, then it will 1) connect to some bridge through the socks5 proxy and 2) connect to Tor peers through the bridge. That's what I meant by "Tor through obfs4 through naiveproxy". If your remote proxy server could access Tor network, it can also connect to obfs4 bridges.

> In terms of hiding traffic characteristics, obfs4 provides both packet length and timing obfuscation, naiveproxy has some trivial packet length obfuscation, and v2ray has nothing. So you know which one provides the most security.

It seems that now I am beginning to understand your proposal. When using TOR via naiveproxy, you suggest enabling Obfs4 bridges for additional obfuscation.

User -> Tor (obfs4) -> naiveproxy -> Internet

The Obfs4 bridge was not previously tested as they were mostly blocked. I spent time studying them and came to this conclusion, including on the basis of your words:

1) Obfs4 encrypts Tor traffic and hides packet sizes by adding padding data, including in confirmation packets
2) Large obfs4 packages can be split by IAT mode to hide the network fingerprint - apparently for complete paranoia?
3) Obfs4 from the outside looks like a completely random set of values. Bridges are known and blocked based on their ip:port and probing, checking who is on the other end? At least other methods are unknown to me ...

In this case, a naive proxy will be used for its intended purpose - to bypass censorship.

My thoughts: Obfs4 provides better obfuscation than naiveproxy. Naiveproxy handles censorship issues better and makes the behavior of obfuscated tor (obfs4) traffic identical to normal HTTP/2 traffic between Chrome and standard Frontend Caddy. That is, TOR(obfs4)+Naiveproxy will provide better protection than TOR+NaiveProxy due to additional obfuscation of the main tor traffic using obfs4, which complicates the analysis?