[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: General anonimity/privacy question when using TOR



 Another detail that could comprimise ones anonymity is using webmail or regular email through tor. The mail could be observed as it comes in or out of the tor network unless this is done over SSL. Then an email addresses, passwords, and the like could all be compromised as well as the communications read. Sure all of a persons email may not always come out the same exit node, but a clever party wishing to intercapt communications could setup multiple servers, increasing the amount of traffic intercepted, and over a long period of time a fairly significent of data may be gathered, particularly if you use personal details in communications.
 If others you are communicatimg with are not secure, neither are you.
 
On Thu, 02 Feb 2006 07:33:31 -0800
"Glymr Darkmoon" <glymr_darkmoon@xxxxxxx> wrote:

> this thing just makes me think about how much extra anonymity one
> acquires by running a server as well as using it as a client. especially
> so for persistent connections like irc, where multiple other users
> connections muddle up the certainty about who is originating what. it
> also occurred to me a little while ago that running a server also means
> you can get away with now and then connecting without the proxy and
> again it still gets lost in the multiple other similar connections that
> the server originates.
> 
> On Thu, 2 Feb 2006 09:01:03 -0500, force44@xxxxxxxxxxxxx said:
> > I copy below a part of the FAQ of JAP, my question is "Does it apply also
> > to TOR?". In other words, what is better to improve a TOR user's
> > anonymity: Stay connected a long time (or never disconnect, if he uses a
> > cable, DSL etc connection), or often disconnect (to change his IP, for
> > example) ?
> > 
> > Thank you!
> > 
> > 
> > ***
> > 	
> > From http://anon.inf.tu-dresden.de/fragen/konzept_en.html#K7
> > 
> > Why does frequent connecting and disconnecting of the internet connection
> > reduce the level of anonymity?
> > 
> > Someone observing your computer would know when you are connected to the
> > internet or to the anonymization service. If this observer also observes
> > the first mix in the anonymization service, he would see connections and
> > disconnections there as well. He could then draw conclusions as to which
> > user is visiting which website.
> > 
> > Let us assume the following example:
> > 
> >     * It is known that a user is downloading a large file (for example,
> >     50MB).
> >     * It is also known that another user is only surfing.
> > 
> > The observer also sees that one of them frequently connects and
> > disconnects from the internet while the other is constantly connected.
> > Then it's clear that the one who is constantly connected is downloading
> > the file and the other one is the one surfing. Somit ist klar, wer von
> > beiden die Datei herunterlädt und wer nur surft.
> > 
> > The problem remains even with many users. Statistical averages can be
> > made of people who were logged in at the same time. Thus it becomes
> > relatively easy to determine who did what at what time.
> > 
> > ***
> -- 
>   Glymr Darkmoon
>   glymr_darkmoon@xxxxxxx
> 
> -- 
> http://www.fastmail.fm - Access your email from home and the web
> 
> 
>