[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Better Privacy for Tor Node Operators

On 04/25/2011 02:50 AM, cmeclax-sazri wrote:
> The obvious way Alice can fix that is to set up the example.com account with 
> Tor. Then example.com will see Alice coming from an exit node and will have 
> no idea where Alice really is.

The question was not "How do you fix this specific example".
One should see it at a higher level I used the example only to explain
what I meant.

I don't think that the Tor Project expects that every Tor node operator
routes his entire traffic through Tor to avoid this issue (this is not
even recommended or possible).

The question was:

> How would one implement such a "feature" if Alice was not running
> a Tor node at her IP?

because if you can implement this same "feature" if Alice was not
running a Tor node at her IP than this is not an issue Tor has to worry

If Alice is unlucky and has an unique (or near unique) screen resolution
in her ISPs network (AS) than you might fingerprint Alice also if she is
not running a Tor node at her IP address (fingerprinting based on a
combination of her screen resolution[1], installed fonts[2], STS
State[3], time[4], ISP/AS).

[1] https://trac.torproject.org/projects/tor/ticket/2875
[2] https://trac.torproject.org/projects/tor/ticket/2872
[3] https://trac.torproject.org/projects/tor/ticket/2877
[4] https://trac.torproject.org/projects/tor/ticket/1517
...but Torbutton/TorBrowser will probably fix all these issues in the
tor-talk mailing list