[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Identify requests made by the same user

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Identify requests made by the same user
From: NoWhereMan <nowhereman@xxxxxxxxxxxxx>
Date: Fri, 21 Jun 2013 07:52:10 +0200
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 21 Jun 2013 02:11:13 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=autistici.org; s=stigmate; t=1371793931; bh=tcTPEXIZB8e/VqrdzSBi8IOc2yQGSaLPjJQZ3vUFr0Q=; h=MIME-Version:Content-Type:Content-Transfer-Encoding:Date:From:To: Cc:Subject:Reply-To:In-Reply-To:References:Message-ID; b=bVNQYOFOuV7fOLFGSml7dF5yPbInabFk1VbIfBJfxZXN/0CLesztKBS1/GK1SXAeR 7m8IyEHKrLPkp8+eWeKgK9IT4xFJiNQmf1FN6H87Tyjmk15tRN5Uhb0EP6f8JA8k88 kZDIPr0b+pKMAQOaLeh5VRqnHxK7YtJEvO8XEmwU=
In-reply-to: <51C371C7.9070802@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
Mail-reply-to: nowhereman@xxxxxxxxxxxxx
References: <d205bd4bd90c10f2f696e5b9f737894d@xxxxxxxxxxxxx> <51C371C7.9070802@xxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: autistici.org webmail

Il 20.06.2013 23:19 krishna e bera ha scritto:


Some of your question is answered here:
https://trac.torproject.org/projects/tor/wiki/doc/TorFAQ#SoImtotallyanonymousifIuseTor


I've read the entire FAQ page! :)

1) By design, you cannot know whether aaa.onion and bbb.onion are
running on the same machine or are run by the same operator.

Yes, I know that. What i'd like to know, is if it's the same from theclient point of view.

2) If either .onion site requires registration, you must be careful to
use different email userid and password on each, and those must also be
different from anything you use in non-Tor contexts.

3) If you check the tests at
    http://ip-check.info/?lang=en
    you will see how much browser fingerprinting is possible.  So you
must be careful not to change any settings that will make your browsing
session look different from any other person using TBB.

Yes yes yes. That's clear. Tor encrypts my connections, but I have to becareful on what I (and my browser) send over the internet. This isapplication and physical transport level. What makes me think is the tortransport level (the payload of tcp/udp packets tor sends over theinternet).

My question wasn't actually related to a specific application. This ismy reasoning: in order to get the server response back to me, theencrypted packet Tor sends over the network, should contain andidentifier of my Tor client. This way the .onion service can read therequest, prepare a response and send it back to me. Just like a TCPpacket that contains the sender's IP address (Tor's TCP packet willcontain the IP of the last node on the tunnel, but at an higher levelthere should be my client ID).

I'm speaking about a kind of "internal ip", some internal identifier inthe Tor network. Let's put aaa.onion is an IRC chat and ccc.onion is abulletin board. And that from the same client come 2 different requestsfor aaa.onion and ccc.onion. From the application layer, knowing thatthey come from the same client, is impossible. But, Tor should somewayknow that both responses will be forwarded to the same client, thusmaking possible to "group" them and know that behind them there is thesame user.

I've read much technical documentation, but looks like this point is notproperly described. I should read Tor's code, but I can't manage to dothat.


Thankyou all

--
NoWhereMan
nowhereman@xxxxxxxxxxxxx
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Identify requests made by the same user
  - From: grarpamp

References:
- [tor-talk] Identify requests made by the same user
  - From: NoWhereMan
- Re: [tor-talk] Identify requests made by the same user
  - From: krishna e bera

Prev by Author: [tor-talk] Identify requests made by the same user
Next by Author: Re: [tor-talk] Identify requests made by the same user
Previous by thread: Re: [tor-talk] Identify requests made by the same user
Next by thread: Re: [tor-talk] Identify requests made by the same user
Index(es):
- Author
- Thread