[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Bruce Schneier's Guardian Article about N_S_A and Tor.



  They are identified as a person of interest by visiting
  target_website.com (where target_website.com might be an
 'extremist'
  site or a webmail box that has attracted attention) and
 then *in real
  time* code injection and redirection can be used to attack
 the person's
  computer. So 'identifying an individual Tor user' means
 'identifying as
  a person of interest, new or previously encountered but not
 yet
  traced'.
 GD
 
-----------

But how can the person's computer be identified since all that is seen is the connection between the exit node and the destination target_website.com

The point, surely, is that real time code injection should not be possible since no-one can trace the connection from the exit node back to the user.

I am not saying that the user cannot be traced e.g. if he logs into his own webmail account via Tor; I am saying that the trace should not occur due to the Tor network. 

Does this make sense?
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk