Thus spake Georg Koppen (g.koppen@xxxxxxxxx):

> > However, when performed by the exits, this linkability is a real
> > concern. Let's think about that. That sounds more like our
> > responsibility than the browser makers'. Now I think I see what Georg
> > was getting at. We didn't mention this because the blog post was
> > directed towards the browser makers.
>
> Well, my idea was not that sophisticated but yes, it belongs to the
> passive attacks available to exit mixes I generally had in mind (and I
> agree that the current domain-based proposal makes it way harder for an
> active mix attacker). My example used just one session. And I still
> would claim that even this gives an exit mix means to track users during
> the 10 minutes (and later if the user happens to get the same exit mix
> again within the same browsing session). If this is true do you mean
> that it is just not worth the effort or is too difficult to explain to
> the user (as it is highly probable that avoiding this kind of tracking
> implies breaking some functionality in the web (a kind of tab separation
> would be necessary but not sufficient))?

I'm confused now. You're basically just talking about cookies, cache,
and other stored identifiers at this point, right?

Single-site linkability due to information the user has provided to the
website is outside of Tor's threat model. That is what https is for (and
also why we ship HTTPS-Everywhere with the Tor Browser Bundle).

--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev