[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Tracking with etags

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Tracking with etags
From: Lasse Øverlier <tor@xxxxxxx>
Date: Tue, 14 Feb 2006 11:54:32 -0500
Cc: tor@xxxxxxx
Delivered-to: archiver@seul.org
Delivered-to: or-talk-outgoing@seul.org
Delivered-to: or-talk@seul.org
Delivery-date: Tue, 14 Feb 2006 11:54:21 -0500
In-reply-to: <cb7cfef80602140823u30b28212g@mail.gmail.com>
References: <cb7cfef80602140823u30b28212g@mail.gmail.com>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Debian Thunderbird 1.0.7 (X11/20051017)

Sorry,

Tor does not protect information inside the protocols it carries. Users
must take care themselves when using unscrubbed information, or if they
are mixing anonymized traffic with other traffic since the connections
might share the same exit node.

See: http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#ExitEavesdroppers
and http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#TotallyAnonymous

 - Lasse


Adam Gleave wrote:

> First, sorry if this has been mentioned before. I've searched and
> haven't found any mention, but it seems too obvious to have not
> already been reported.
>
> Basically, client gets etag from server, client sends etag to server
> next time it connects, server can associate client.
>
> Might not sound significant, but if Gmail - for instance - gives
> people Etag's, they - and anyone listening in on the connection - can
> associate unanonnimized accounts with anonymized accounts.
>
> I tested this on tor + privoxy and it worked.

References:
- Tracking with etags
  - From: Adam Gleave

Prev by Author: Re: Reduced throughput with 0.1.1.14
Next by Author: Tracking with etags
Previous by thread: Tracking with etags
Next by thread: RE: Tracking with etags
Index(es):
- Author
- Thread