
tracking locally originated traffic from an exit node ... ?




If I run a relay with no exit policy at all:

reject *:*

and I personally, as a logged-in local user of the system, initiate traffic (like, say, downloading the WikiLeaks torrent or posting on a website using lynx, or whatever), I suspect that traffic sticks out VERY clearly to an outside observer ... there's nothing but SSL encrypted traffic going to the ORport and DIRport, and then all of a sudden there is plain old HTTP going to non-Tor relays. Very clearly this is non-Tor traffic and is "interesting" to an observer.

However, if I run a relay with a relaxed exit policy, and I, as a logged-in local user of the system, initiate traffic on ports that are open for exit, isn't that traffic very well obfuscated to an outside observer?

Note that this is not the common "can I use fewer hops" question, which has the usual answer RE: correlation attacks. That situation involves an observer trying to prove a positive. This is the opposite - an outside observer would need to prove a negative: "this traffic I see coming out of the exit WAS NOT caused in any way by the Tor traffic I see using it as an exit"

So ... if I've got a 5 or 10 mbps exit node with a healthy list of connections, can I use lynx locally to browse anonymously?