[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Webpage autorefresh weakens onion routing

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Webpage autorefresh weakens onion routing
From: Roger Dingledine <arma@xxxxxxx>
Date: Wed, 3 Jul 2013 00:04:19 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 03 Jul 2013 00:04:32 -0400
In-reply-to: <1372815924.76515.YahooMailNeo@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <1372815924.76515.YahooMailNeo@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mutt/1.5.20 (2009-06-14)

On Tue, Jul 02, 2013 at 06:45:24PM -0700, Mark Yaler wrote:
> Let's say you open webpage X, which automatically refreshes every
>minute. But the user doesn't immediately realize this problem.

Variations of this attack are in various research papers, e.g.
http://freehaven.net/anonbib/#tissec-latency-leak
See also
http://freehaven.net/anonbib/#abbott-pet2007

> The user also wishes to read webpage Y. However, this user realizes
>that opening both X and Y would allow his identity to be compromised,
>or at least significantly narrowed in probability. So the user realizes
>that he needs to refresh his Tor identity between accessing pages X and
>Y. So he does this.

Assuming he clicks 'new identity' in Torbutton, it will flush all his
browser state. There will be no more page X open.

> Then he accesses webpage Y. Unfortunately, due to the autorefresh
>HTML code on webpage X, which suddenly occurs, there is now evidence
>(in the clear) of the same IP address accessing both X and Y within a
>short time window, thereby weakening his anonymity.

Yep. That's why the Tor Browser doesn't allow this.
https://www.torproject.org/projects/torbrowser/design/#new-identity

> My point is, why not do that by default?

It's a tradeoff between usability and security. I think we'd end up
breaking a lot of pages if we disabled all refreshes.

--Roger

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- [tor-talk] Webpage autorefresh weakens onion routing
  - From: Mark Yaler

Prev by Author: Re: [tor-talk] Vidalia error message with TorBirdy
Next by Author: [tor-talk] Tor 0.2.4.15-rc is out
Previous by thread: [tor-talk] Webpage autorefresh weakens onion routing
Next by thread: [tor-talk] Tor Weekly News â July 3rd, 2013
Index(es):
- Author
- Thread