[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Tor and chained web based proxy sites?

Hi John,

I'm sending my reply to the or-talk list, since that is the
place from which this exchange springs.

On Mon, Aug 21, 2006 at 02:09:50AM -0400, Bestbayer@xxxxxxx wrote:
> Hi Paul,
> I was reading a discussion about how you said that combining Tor with Jap 
> would hurt the functionality of both systems. Would using a chain of web based 
> proxy sites (that do not require JavaScript or cookies) give me a more 
> predictable exit point in the free-route network, or would it increase my anonymity?

You raised the Tor vs. JAP design question. Your example, however, is
compatible with both depending whether the chain is chosen once and
used by everyone or its links are chosen by the client and changed
fairly frequently (or conceivably you could be suggesting something in
between, e.g., a client picks a route and sticks with it
persistently). I'm not sure what specifically you are asking, but I
can respond to the comparison between your two example scenarios.

> Example - Three chained web proxy sites: 
> http://webproxysite-1.net/index.php/110100A/http://webproxysite-2.net/index.ph
> p/110100A/http://webproxysite-3.net/index.php/110100A/http://www.google.com
> Or a chain that loops back to the original web proxy site: 
> http://webproxysite-1.net/index.php/110100A/http://webproxysite-2.net/index.ph
> p/110100A/http://webproxysite-1.net/index.php/110100A/http://www.google.com

You are generally much worse off in the second case. There is a single
point, webproxysite-1.net, that can watch both ends of the circuit.
From timing and volume of your traffic, the operator of
webproxysite-1.net will be able to quickly tell which client initiator
and responding server are on the same circuit and know what you are
doing. This has long been recognized in theory and simulation, and
more recently experimentally shown on the Tor network for some cases.
But worse, s/he doesn't need to be malicious or the site be
compromised.  An external attacker just watching the network
connection of webproxysite-1.net can do the same attack about as
well. The second case thus reduces to the security of a single hop

Paul Syverson                              ()  ascii ribbon campaign  
Contact info at http://www.syverson.org/   /\  against html e-mail