On Tue, Apr 22, 2014 at 11:10:27 -0400, Ian Goldberg wrote:
> The proposal (140) doesn't appear to discuss the client
> fingerprintability aspect of this: they reveal the last time they used
> Tor (if recentish). Say you're a mobile client that gets a dynamic IP
> address. With this, you reveal that you probably aren't or maybe are
> the same person that was last seen over there at that particular time.
>
> What are the implications here?

As far as I understand, Tor clients fetch the consensus documents from a
random authority at first, and then from caches at somewhat random times -
reading from [0] at section 5.1.

Since it starts using caches and building circuits after fetching the
first consensus from an authority, I don't see how anyone could identify a
client. Sure, a cache will know for how long a client has been
disconnected when it asks for a diff starting at e.g. yesterday. But was it
that same cache who gave it the previous diff?

Or are you talking about regular traffic too? I might not have understood
you well - if that's the case, please explain in a bit more detail.

Anyway, downloading the entire consensus file from either an authority or
a cache will always be possible, if that's what you are concerned about.
But we want diffs to be usable in a secure manner just like entire
consensuses are.

[0] https://gitweb.torproject.org/torspec.git/blob/refs/heads/master:/dir-spec.txt

--
Daniel Martí - mvdan@xxxxxxxx - http://mvdan.cc/
PGP: A9DA 13CD F7A1 4ACD D3DE E530 F4CA FFDB 4348 041C