Re: [tor-talk] Better Privacy for Tor Node Operators
----- Original Message ----
> From: tagnaq <tagnaq@xxxxxxxxx>
> To: tor-talk@xxxxxxxxxxxxxxxxxxxx
> Sent: Mon, April 25, 2011 2:24:07 AM
> Subject: Re: [tor-talk] Better Privacy for Tor Node Operators
>
> Alice runs a non-exit Tor node at home. The Tor node at home is always
> running. Her ISP assigns her a new IP address every day.
>
> On 2011-01-29 Alice decides to create a new example.com account
> (alice@xxxxxxxxxxx) using her home IP address - the same as her Tor node
> is using [86.59.30.36]. (Alice is not using Tor for browsing the web
> but she uses Torbutton in Transparent mode - I'm just mentioning this to
> make clear that besides the IP address there is not much identifying
> information)
>
> On 2011-03-13 (and several IPs later) Alice (now browsing with
> [38.229.70.37]) wants another example.com account and again visits their
> website. The Tor node is still running. example.com would like to know
> if Alice did already create an account in the past.
>
> example.com performs the following steps to answer its question:
> 1. IP address to Tor node fingerprint lookup
> 2. fetch all IP addresses that the Tor node (gathered in step 1) ever had
> (one of the obtained records is: 2011-01-29 86.59.30.36)
> 3. look for matching IP addresses (comparing list gathered in step 2
> with their own database)
> MATCH: 2011-01-29 86.59.30.36 => created: alice@xxxxxxxxxxx
>
> Now example.com will kindly ask Alice if she lost her password for
> alice@xxxxxxxxxxx ;)
>
Is it plausible that a group of people could be NATed together with a node
operator? How does limiting node data eliminate the problem of an IP address
match? Isn't this more a problem of historical data being publicly available
ad-hoc? Where is it kept? Is there a need or good use for it? (Yes, of course
would-be attackers could maintain their own lists.)
If one doesn't want to use Tor to visit example.com, maybe a non-blocked one-hop
proxy would work. I don't know how to solve the bigger problem of IP address
linking without using a remote proxy.
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
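
The three-step lookup from the quoted message, written as a self-check a relay operator could run over archived directory data to see which of her own non-Tor sessions are linkable (an added example, not part of the original thread). The relay entries are constructed, the function names are hypothetical, and the input is assumed to use the consensus `r` line layout.

```python
import base64
from collections import defaultdict

def b64id(raw):
    """Consensus identities are the 20-byte fingerprint in unpadded base64."""
    return base64.b64encode(raw).decode().rstrip("=")

ALICE, OTHER = bytes(range(20)), bytes(range(20, 40))  # constructed identities
DIGEST = "A" * 27                                      # constructed, ignored below
# Constructed entries: r nickname identity digest date time IP ORPort DirPort
SAMPLE = "\n".join([
    f"r AliceRelay {b64id(ALICE)} {DIGEST} 2011-01-29 03:10:00 86.59.30.36 9001 0",
    f"r OtherRelay {b64id(OTHER)} {DIGEST} 2011-01-29 04:00:00 192.0.2.10 9001 9030",
    f"r AliceRelay {b64id(ALICE)} {DIGEST} 2011-02-14 03:12:00 198.51.100.7 9001 0",
    f"r AliceRelay {b64id(ALICE)} {DIGEST} 2011-03-13 03:09:00 38.229.70.37 9001 0",
])

def parse_r_lines(text):
    """Map hex fingerprint -> set of (date, ip) published for that relay."""
    history = defaultdict(set)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 9 or parts[0] != "r":
            continue  # not a complete router line
        ident = parts[2] + "=" * (-len(parts[2]) % 4)  # restore base64 padding
        fingerprint = base64.b64decode(ident).hex().upper()
        history[fingerprint].add((parts[4], parts[6]))
    return history

def linkable_sessions(history, current_ip, sessions):
    """Return the operator's own (date, ip) sessions that the published
    history ties to the relay currently seen at current_ip."""
    # Step 1: which relay fingerprints have ever been published at this address
    fps = [fp for fp, recs in history.items()
           if any(ip == current_ip for _, ip in recs)]
    # Step 2: every (date, ip) pair ever published for those fingerprints
    published = {rec for fp in fps for rec in history[fp]}
    # Step 3: sessions that coincide with a published pair
    return sorted(s for s in sessions if s in published)

if __name__ == "__main__":
    # Constructed log of the operator's own direct (non-Tor) sessions
    my_sessions = [("2011-01-29", "86.59.30.36"), ("2011-02-20", "203.0.113.5")]
    for date, ip in linkable_sessions(parse_r_lines(SAMPLE), "38.229.70.37", my_sessions):
        print(f"linkable: {date} {ip}")
```

The 2011-02-20 session is not reported because that address never appears in the relay's published history, which is the case the reply raises when it asks where the historical data is kept.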