[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Better Privacy for Tor Node Operators

On 04/25/2011 01:11 AM, andrew@xxxxxxxxxxxxxx wrote:
> On Sun, Apr 24, 2011 at 03:55:59PM -0400, grarpamp@xxxxxxxxx wrote 1.4K bytes in 25 lines about:
> : > If you run a Tor node at your home IP address you will loose the
> : > positive side effect of a dynamic IP address and your IP layer anonymity
> : > decreases to that of a static IP address because your node identity
> : > links all your public IP addresses.
> I don't understand this statement.  Why does a running a tor relay on
> your home IP address give you less anonymity?

I'll try to explain what I mean with an example:

Alice runs an non-exit Tor node at home. The Tor node at home is always
running. Her ISP assigns her a new IP address every day.

On 2011-01-29 Alice decides to create a new example.com account
(alice@xxxxxxxxxxx) using her home IP address - the same as her Tor node
is using [] . (Alice is not using Tor for browsing the web
but she uses Torbutton in Transparent mode - I'm just mentioning this to
make clear that beside the IP address there is not much identifying

On 2011-03-13 (and several IP's) later Alice (now browsing with
[]) wants another example.com account and again visits their
website. The Tor node is still running. example.com would like to know
if Alice did already create an account in the past.

example.com performs the following steps to answer its question:
1. IP address to Tor node fingerprint lookup
2. fetch all IP addresses that the Tor node (gathered in step 1) ever had
(one of the obtained records is: 2011-01-29
3. look for matching IP addresses (comparing list gathered in step 2
with their own database)
MATCH: 2011-01-29 => created: alice@xxxxxxxxxxx

Now example.com will kindly ask Alice if she lost her password for
alice@xxxxxxxxxxx ;)

How would one implement such a "feature" if Alice was not running a Tor
node at her IP?

best regards,

tor-talk mailing list