I researched TorCoin. I feel like I know a fair amount
about Tor and BitCoin.
What worries me most about Tor is that people do not
realize how trivially an exit relay can MITM your traffic.
The value proposition of Tor is NOT keeping all your traffic
safe. It's anonymizing your traffic from end to end, so
that nobody who sees your data knows both where it came from
and where it's going. They can still see the data itself.
For all intents and purposes, traffic from Exit -> Internet
is plaintext. The relay operator can MITM it. Tor is only
safer than a VPN or proxy because the exit relay does not
know your identity. It can still access the data you
transfer through it. [4]
Anyone can start a Tor exit relay, and setting up a MITM
proxy on it is trivial. Siphoning bitcoin transactions
is equally trivial. Just listen for the proper traffic patterns.
You should not be transferring any business-critical
data over Tor. It's a great tool for protecting your
identity, but not your data.
With HTTPS, you're relatively safer, since you'll get
an alert if a relay is MITM'ing you and modifying the
certificate. But with plain HTTP, you won't even
know when you're getting MITM'd.
I will preface this reply by saying that I am not very familiar with Tor.
Would using a VPN together with Tor be able to provide 'the best of both worlds', so to speak? Would you be able to encrypt your data via a VPN node and use Tor through that encrypted connection?
I assume this would solve the matter of your traffic being visible to whoever is running the Tor relay, but it be possible for the VPN operator to (potentially and hopefully hypothetically) still perform an MITM attack on your traffic?
And lastly, is there a truly practical way to be not only anonymous but also secure (i.e. encryption)?
I'm not worried about the transactions themselves, as
they appear on the blockchain. What worries me is the
"meta transactions", if you will. The Bitcoin ecosystem
is full of off-blockchain transactions. For example,
mining pools use their own communication mechanisms, which
the BGP attack this summer exploited. Also, dozens of
exchanges, marketplaces, and services rely on HTTP API's
for transacting. Even if the blockchain is not vulnerable,
the external transactions that reference it certainly could be.
Imagine how many "send X bitcoin from wallet Y to wallet Z"
requests route over HTTP. Quite a few.
So yeah, not "trivial" as I said. But certainly not impossible.
(Welcome to HN! I'm glad my mistake brought you out of the woodwork.)
However, I still believe nothing is fundamentally broken. Any important protocol should be using SSL - especially when operating over TOR. Lapses like this are still simply user error.
As a side note about "Anyone can start a Tor exit relay, and setting up a MITM proxy on it is trivial".
Tor project has a project that sends out probes to identify rouge nodes, so the trivial and obvious form of MITM that changes data en-route are equally trivial caught and blacklisted. People should still be aware that sending secret data in plaintext on any network is a bad idea tm, but any security analyst need to incorporate the whole picture.
What worries me most about Tor is that people do not realize how trivially an exit relay can MITM your traffic. The value proposition of Tor is NOT keeping all your traffic safe. It's anonymizing your traffic from end to end, so that nobody who sees your data knows both where it came from and where it's going. They can still see the data itself.
For all intents and purposes, traffic from Exit -> Internet is plaintext. The relay operator can MITM it. Tor is only safer than a VPN or proxy because the exit relay does not know your identity. It can still access the data you transfer through it. [4]
Anyone can start a Tor exit relay, and setting up a MITM proxy on it is trivial. Siphoning bitcoin transactions is equally trivial. Just listen for the proper traffic patterns.
You should not be transferring any business-critical data over Tor. It's a great tool for protecting your identity, but not your data.
With HTTPS, you're relatively safer, since you'll get an alert if a relay is MITM'ing you and modifying the certificate. But with plain HTTP, you won't even know when you're getting MITM'd.
More Resources:
[1] http://security.stackexchange.com/questions/34804/how-safe-i...
[2] https://blog.torproject.org/category/tags/mitm (includes links to research papers)
[3] https://www.petsymposium.org/2014/papers/Winter.pdf
[4] Emphasis on "for all intents and purposes." Not a true statement universally.