Is there a risk of getting deanonymized if I use Tor on a laptop that includes an nvidia gpu with proprietary drivers?

Hey everyone! I hope this is the right place to ask this question. I’m still new to this whole internet privacy rabbit hole, so please correct me if there’s something wrong.

I’ve had this question for a while now. It’s something that I need to address before I get a new gaming laptop that’s significantly faster than the one I’m using.

Is there any chance of an nvidia gpu deanonymizing me?

I can’t find it now, but I remember the Tor support page saying that you cannot have anything else connect to the internet while accessing the web through Tor to prevent breaking anonymity, which I do whenever I do a quick search on Linux.

I might just be paranoid, reading too much on reddit, or just straight up wrong, but I fear that these gpus and their proprietary drivers will leave traces and/or make connections to the internet and send God knows what.

Also in tails.net it says this about recommended hardware:

  • Avoid “gaming” models with Nvidia or AMD Radeon graphics cards.

I’m now questioning whether they’re saying to avoid gaming laptops because they might not work or because of security reasons (deanonymization).

If said gaming laptop were to be able to run Linux and Tails, is it fine to use the Tor network with an nvidia gpu or any other gpus/cpus on both Linux and Tails or is there something to be cautious about? If there is a deanonymization problem with components and drivers nowadays, which ones should I use? Am I too paranoid? I’m not gonna allow any of these companies to continue to track me everywhere.

Thank you for your time reading this topic and I hope I get answers from lovely people! : )

Johnny B.

1 Like

You could always use nouveau.

I also think nvidia has bigger fish to fry.

1 Like

I don’t have your answer about Nvidia.

I’m thinking of that statement and can’t imagine any OS which is NOT doing something with the internet while using Tor. The AV might be doing an update, the OS might be checking for an update, etc, etc, etc. Not heavy stuff but something.

Why not do a quick search through Tor?

It might be good to find the quote you remember and post it here.

If I remember correctly, Tails boots the machine with Linux then starts the app (Tor) itself, so I am not sure what to make of this. You are in fact running both.

I don’t think so.

1 Like

For such paranoid people like you :smile: , Linux's native firewall iptables has a module called owner. It can allow or deny outgoing traffic based on user or group.

Add the following rule to only allow outgoing traffic for user player (one for IPv4 and one for IPv6; run on command line with root permissions!):

```
iptables -I OUTPUT -p tcp -m owner ! --uid-owner player -j DROP
ip6tables -I OUTPUT -p tcp -m owner ! --uid-owner player -j DROP
```

or for the group player:

```
iptables -I OUTPUT -p tcp -m owner ! --gid-owner player -j DROP
ip6tables -I OUTPUT -p tcp -m owner ! --gid-owner player -j DROP
```

Run the following command to check the active output rules:

```
echo -e "\nIPv4 rules:\n" && iptables -S | grep OUTPUT && \
echo -e "\nIPv6 rules:\n" && ip6tables -S | grep OUTPUT && echo
```

You will get something like this:

```
IPv4 rules:

-P OUTPUT DROP
-A OUTPUT -p tcp -m owner ! --uid-owner 1000 -j DROP
-A OUTPUT -j ufw-before-logging-output
-A OUTPUT -j ufw-before-output
-A OUTPUT -j ufw-after-output
-A OUTPUT -j ufw-after-logging-output
-A OUTPUT -j ufw-reject-output
-A OUTPUT -j ufw-track-output

IPv6 rules:

-P OUTPUT DROP
-A OUTPUT -p tcp -m owner ! --uid-owner 1000 -j DROP
-A OUTPUT -j ufw6-before-logging-output
-A OUTPUT -j ufw6-before-output
-A OUTPUT -j ufw6-after-output
-A OUTPUT -j ufw6-after-logging-output
-A OUTPUT -j ufw6-reject-output
-A OUTPUT -j ufw6-track-output
```

Here you see the user id 1000 of user player. User name is being converted to UID.

If you have ufw installed, there will be some ufw rules also as you can see here.
The new rules must appear in front of the ufw rules.

After you added the rules, only applications executed by user player will be able to pass through the firewall.

To run a program as specific user use (for example):

```
sudo -u <USER> command
```

To remove these new rules use:

```
iptables -D OUTPUT -p tcp -m owner ! --uid-owner player -j DROP
ip6tables -D OUTPUT -p tcp -m owner ! --uid-owner player -j DROP
iptables -D OUTPUT -p tcp -m owner ! --gid-owner player -j DROP
ip6tables -D OUTPUT -p tcp -m owner ! --gid-owner player -j DROP
```

The rules added this way are not permanent. After machine restart they vanish.
Please search the Internet for how to add rules to iptables permanently.

And yes, these rules will prevent drivers from connecting to the Internet :slight_smile: ,
but maybe you will have to add additional “loosening” rules, because it’s too strict.

Edit:
I forgot to mention the UDP rules…
Simply replace `-p tcp` with `-p udp`. The rest is the same.

3 Likes
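
An added example, not part of the post above: a small audit of `iptables -S` / `ip6tables -S` output that checks the two conditions the post states, that the owner-match DROP rule exists for both TCP and UDP and that it sits in front of the ufw jumps. The function name `check_owner_rules` is hypothetical, the sample listings are constructed from the output shown in the post, and only the `--uid-owner` form is checked.

```shell
#!/bin/sh
# Audit `iptables -S` / `ip6tables -S` output for the per-user lockdown above.
# For tcp and udp it reports whether the rule
#   -A OUTPUT -p <proto> -m owner ! --uid-owner <uid> -j DROP
# exists and sits in front of the first jump into a ufw/ufw6 chain.

# Usage: iptables -S | check_owner_rules <numeric uid>
# Prints one line per protocol; returns 0 only if both are OK.
check_owner_rules() {
    awk -v uid="$1" '
        BEGIN { split("tcp udp", protos, " ") }
        $1 == "-A" && $2 == "OUTPUT" {
            n++                                    # position within OUTPUT
            if (!ufw && $0 ~ /-j ufw6?-/) ufw = n  # first ufw jump
            for (i = 1; i <= 2; i++) {
                p = protos[i]
                want = "-p " p " -m owner ! --uid-owner " uid " -j DROP"
                if (!pos[p] && index($0, want)) pos[p] = n
            }
        }
        END {
            bad = 0
            for (i = 1; i <= 2; i++) {
                p = protos[i]
                if (!pos[p]) { print "MISSING " p; bad = 1 }
                else if (ufw && pos[p] > ufw) { print "AFTER_UFW " p; bad = 1 }
                else { print "OK " p }
            }
            exit bad
        }'
}

# Constructed sample: start of the IPv4 listing from the post (TCP rule only).
SAMPLE_TCP_ONLY='-P OUTPUT DROP
-A OUTPUT -p tcp -m owner ! --uid-owner 1000 -j DROP
-A OUTPUT -j ufw-before-logging-output
-A OUTPUT -j ufw-before-output'

# Constructed sample: UDP rule appended with -A, so it lands behind ufw.
SAMPLE_UDP_LATE='-P OUTPUT DROP
-A OUTPUT -p tcp -m owner ! --uid-owner 1000 -j DROP
-A OUTPUT -j ufw-before-output
-A OUTPUT -p udp -m owner ! --uid-owner 1000 -j DROP'

printf '%s\n' "$SAMPLE_TCP_ONLY" | check_owner_rules 1000 || true
printf '%s\n' "$SAMPLE_UDP_LATE" | check_owner_rules 1000 || true
```

On a live system, feed it the real listing as root, for example `iptables -S | check_owner_rules "$(id -u player)"`, and repeat with `ip6tables -S`.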

Thank you for your replies! Just in case, to clarify, my main concern was if an nvidia gpu would be capable of leaving a trace of my activity on Tor for Linux and if the same thing could happen on tails. These were definitely very helpful.

I have been considering that, but I’ve heard that using the proprietary driver makes the gpu more capable than if it were to run the open source one. I guess I’ll have to favor privacy over a few extra framerates.

I generally don’t mind those random processes happening as long as it’s not connecting to something like google every five seconds. I use Tor on Linux for general searches while on Tails I mainly use it for the programs it provides through the Tor network, and maybe some searches every now and then.

I do use Tor for searches. I was only concerned that my gpu would be able to somehow read about the websites I visited. Just want to absolutely make sure that I’ll have equal anonymity to an old laptop from 2007 if I use a modern one with an nvidia gpu (if we ignore the different screen resolutions). I’d imagine the Tor devs most likely work heavily to prevent that from happening as much as possible.

I just went through the support portal again. I couldn’t find it anywhere. Maybe I’m confusing it with some youtube video I saw back then, but I swear it was on there.

As for this, I was asking if an nvidia gpu would be capable of leaving traces of what I do in the Tor browser on Linux and if I could mitigate that entirely on Tails.

ok XD

Hmm. Interesting. I will consider that.

Again, I would like to thank everyone who replied!

Ah I see the confusion (mine). You sometimes use the laptop with a version of Linux booted and sometimes you boot Tails.

While using Tails I doubt very much if the Nvidia card can do anything. Tails has complete control of the computer and I bet it is using a generic video driver. I don’t know this for a fact but it is only logical. The Tails people would have thought of it.

While using Tor on Linux, the driver for the video card is loaded, of course, but if it can do anything to leave traces of what you do in the Tor browser it would be http(s) only (because Tor is http(s)). They would get an exit node IP.

If I put on my paranoia hat then any other activity from the video card to leave traces would have to be rogue. I have no idea who you are or what you do but WOW are you in trouble. :slight_smile:

Again with my paranoia hat on, a Google Chrome browser or other could figure if Tor browser was running and proxy out a https request via the live Tor browser with whatever it wanted in the payload. :smiling_imp: This would also be rogue and Google would not dare do this. I have tested both Edge and Firefox on Windows to proxy out via my Tor browser when it is up.

You are correct about Google every 5 seconds. Almost any site you visit will be using some sort of Google content (fonts, analytics, icons, ads, jquery, etc, etc) but, as above, on Tails and Tor they would get an exit node IP. If using Google Chrome on any OS then you are connected to HQ directly.

2 Likes

Well I might just be very stupid and putting on another paranoia hat, but I’d thought that the Nvidia drivers would make the gpus become spyware and (for example) copy all the text that’s displayed on all the websites you visit on Tor. It would get that text locally through the active session that the Tor Browser is running. I’d imagine Windows does the same thing. Both of the things I said aren’t factual, but you’ll never know if they truly are. This is the scariest part about anything being proprietary: The Unknown. For now, it looks like there’s no evidence of gpu spying on that level since not that many people have spoken about that, only some paranoid redditors lol.

The stuff I do on Tor is the usual searches. I only put this into question because I fear that it would be pointless for many out there that have a way higher threat model and actually need to be fully undercover (except the ones who can manage to run Tails) if they only have modern PCs and laptops with components that probably have spyware built in lol. All these companies: Google, Microsoft, Nvidia, Apple, Intel, and many more are turning into AI companies; they’re coming for your data to sell it and train their AI. :grin: Since Nvidia is one of them, there is no way that they’re not collecting some information via their gpus and their drivers. The main reason I use Tor is to prevent them from linking any data points to me as much as possible and hurting their businesses (using an alternative frontend for YouTube and others) because I want them to know that all of us deserve a distant future in which privacy is the new normal. That ain’t happening any time soon, so the only way to win is if more people use privacy respecting alternatives and make more people use Tor and run relays for the Tor network. Then finally we’ll see those greedy, rich CEOs go poor. :person_shrugging:

I also thought the same. Who knows, even if that is literally spyware, I’d imagine Google is doing that now. Speaking of…

Most Android phones also have that, but instead of web elements, they are just connected to Google every time it connects to the internet and they do crazy amounts of spying. Same with Apple’s “Privacy, that’s iPhone.” :neutral_face:

To close, I think now is a good time to lock this post. Based on everyone’s replies, and my observations (a couple of searches, and going through Reddit rabbitholes), it seems like there isn’t really a possibility of an nvidia gpu deanonymizing anyone and leaving traces of your Tor activity. Even if many PC components allow the browser to run, I think all webpages and data are sent directly to RAM or however Tor optimized it (I clearly don’t know how browsers work lol). Unless someone objects to my analysis, I don’t think there is much to worry here. From what I understood, don’t use proprietary drivers, if not, then use Tails if you can. Maybe don’t use Tor on Windows? And for the really paranoid, just use Tails or Whonix (whichever makes you less paranoid). I imagine the post will auto lock itself after a period of time. Anyone is free to comment until it locks by itself. Thank you everyone! : )

1 Like
