[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Better Privacy for Tor Node Operators

On Sunday 24 April 2011 20:24:07 tagnaq wrote:
> On 2011-01-29 Alice decides to create a new example.com account
> (alice@xxxxxxxxxxx) using her home IP address - the same as her Tor node
> is using [] . (Alice is not using Tor for browsing the web
> but she uses Torbutton in Transparent mode - I'm just mentioning this to
> make clear that beside the IP address there is not much identifying
> information)
> On 2011-03-13 (and several IP's) later Alice (now browsing with
> []) wants another example.com account and again visits their
> website. The Tor node is still running. example.com would like to know
> if Alice did already create an account in the past.
> example.com performs the following steps to answer its question:
> 1. IP address to Tor node fingerprint lookup
> 2. fetch all IP addresses that the Tor node (gathered in step 1) ever had
> (one of the obtained records is: 2011-01-29
> 3. look for matching IP addresses (comparing list gathered in step 2
> with their own database)
> MATCH: 2011-01-29 => created: alice@xxxxxxxxxxx
> Now example.com will kindly ask Alice if she lost her password for
> alice@xxxxxxxxxxx ;)

The obvious way Alice can fix that is to set up the example.com account with 
Tor. Then example.com will see Alice coming from an exit node and will have 
no idea where Alice really is.
tor-talk mailing list