[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Improving Private Browsing Mode/Tor Browser

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] Improving Private Browsing Mode/Tor Browser
From: Robert Ransom <rransom.8774@xxxxxxxxx>
Date: Wed, 22 Jun 2011 14:33:48 -0700
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 22 Jun 2011 17:34:08 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:date:from:to:subject:message-id:in-reply-to :references:x-mailer:mime-version:content-type :content-transfer-encoding; bh=1avnlV977k/c44wcWm7CLMVuwDKvubEnRt9lMULudxo=; b=CgNbc/B3+sqa2vidPoR1+FWBVmyt7Gpd4ZslY6VvOEgnQ1ezS5hMPmu+YyGsu/V361 1iZ5Rt8/DPf2oYArrNwYni608iv86l/nNmHp2xvVnVOh1bNpZ/wxzfQU869PqjTkykYJ FN84DttXVx89yGDu+XwaEOZMMeirgCK+Y+FSI=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=date:from:to:subject:message-id:in-reply-to:references:x-mailer :mime-version:content-type:content-transfer-encoding; b=juo/bW+rCApwwQ19xJBaJaUrYVcvxG+erib+zhOyOlnCtOyEvc86wj18SyVntIDz2S PtWp6nyaYQttkPMEN17V63q8SElc2BiX/q3oLF/TSVplIA/o8L8hUHzv3sv7aiHC1C4v QH/JUEs/4WfChM0PXJ4WT9+bPBiklLOnG9/8s=
In-reply-to: <4E0250F0.40409@xxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-dev>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for discussion by the developers of Tor." <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <4E0250F0.40409@xxxxxxxxx>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx

On Wed, 22 Jun 2011 22:30:40 +0200
Georg Koppen <g.koppen@xxxxxxxxx> wrote:

> Sticking to the blog post (one of) its central idea seems to be to
> isolate the identifiers and state to the top-level domain in the URL bar
> as "activity in Tor Browser on one site should not trivially
> de-anonymize their activity [i.e. the activity of Tor users, G.K.] on
> another site to ad networks and exits". I am wondering whether this idea
> really helps here at least regarding exit mixes. If one user requests
> google.com, mail.google.com and other Google services within the 10
> minutes interval (I am simplifying here a bit) without deploying TLS the
> exit is still able to connect the whole activity and "sees" which
> services that particular user is requesting/using. Even worse, if the
> browser session is quite long there is a chance of recognizing that user
> again if she happens to have the same exit mix more than once. Thus, I
> do not see how that helps avoiding linkability for users that need/want
> strong anonymity while surfing the web. Would be good to get that
> explained in some detail. Or maybe I am missing a point here.

If you maintain two long sessions within the same Tor Browser Bundle
instance, you're screwed -- not because the exit nodes might be
watching you, but because the web sites' logs can be correlated, and
the *sequence* of exit nodes that your Tor client chose is very likely
to be unique.


Robert Ransom
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Follow-Ups:
- Re: [tor-dev] Improving Private Browsing Mode/Tor Browser
  - From: Georg Koppen

References:
- [tor-dev] Improving Private Browsing Mode/Tor Browser
  - From: Georg Koppen

Prev by Author: Re: [tor-dev] Too many cooks spoil the broth---or: how about we clean up the wiki?
Next by Author: Re: [tor-dev] Improving Private Browsing Mode/Tor Browser
Previous by thread: [tor-dev] Improving Private Browsing Mode/Tor Browser
Next by thread: Re: [tor-dev] Improving Private Browsing Mode/Tor Browser
Index(es):
- Author
- Thread