Potential attack by associating onymous & anonymous traffic
- To: or-talk@xxxxxxxxxxxxx
- Subject: Potential attack by associating onymous & anonymous traffic
- From: Nick Nolan <hellish@xxxxxxxxxxx>
- Date: Fri, 24 Dec 2004 15:20:52 -0800
- Delivered-to: archiver@seul.org
- Delivered-to: or-talk-outgoing@seul.org
- Delivered-to: or-talk@seul.org
- Delivery-date: Fri, 24 Dec 2004 18:21:35 -0500
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
- User-agent: Mozilla Thunderbird 0.9 (X11/20041124)
An example:

An attacker knows that I use the AIM account malglico. I am doing this
through Tor (to hide my location or just out of enthusiasm for tsocks). I
am also using Tor to transmit something else that I do not want to be
revealed as the sender of.

This attacker is able to observe all or some endpoints to the network.
They notice that some traffic from malglico is coming from a particular
Tor exit. At the same time they notice that the sensitive information I
am transmitting is also exiting from there. They can immediately narrow
the sender to me or one of the other users exiting from that OR. They
have my identity, and the 1 over the number of users exiting from that
OR probability that I sent it. This is considerably better than all
users on Tor who sent a message close to that size out.

The simplest solution would be to send all my onymous traffic unproxied,
but maybe I want to hide my location. I can't in the current
implementation. If the Tor daemon were able to group the traffic, i.e.,
this, this and this can be sent down the same circuit, but this must be
separated, I would be able to hide my location in some cases and my
entire identity in others.

Do I have a potential privacy concern here or did I miss something? I've
only RTFS'd briefly.

Regards,
Nick Nolan
Attachment:
signature.asc
Description: OpenPGP digital signature
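
A toy model of the scenario in the message above, added here as an illustration; it is not part of the original post and is not Tor code. It compares the observer's estimate when the identified and the sensitive stream share one circuit against the case where traffic is grouped onto separate circuits as the message proposes. The `Client` class, `sender_probability`, the relay names, the other users and the deterministic exit selection are all constructed assumptions.

```python
from fractions import Fraction

EXITS = ["exitA", "exitB", "exitC"]  # constructed relay names

class Client:
    """Toy client: one circuit per isolation group (hypothetical model, not Tor code)."""
    def __init__(self, name, first_exit, isolate):
        self.name, self.isolate = name, isolate
        self.next_exit = first_exit   # index into EXITS for the next new circuit
        self.circuits = {}            # group label -> exit relay

    def send(self, stream, group):
        key = group if self.isolate else "default"   # no grouping: one circuit for all
        if key not in self.circuits:
            # Deterministic exit choice keeps the example reproducible.
            self.circuits[key] = EXITS[self.next_exit % len(EXITS)]
            self.next_exit += 1
        return (self.circuits[key], self.name, stream)   # what leaves the exit

def sender_probability(log, account_stream, sensitive_stream):
    """Observer's estimate that the account holder sent the sensitive stream.

    Assumption: the observer can count distinct users per exit, as the message
    supposes; the user names in the log are used only for that count.
    """
    users_at = {}
    for exit_, user, _ in log:
        users_at.setdefault(exit_, set()).add(user)
    exit_of = {stream: exit_ for exit_, _, stream in log}
    all_users = set().union(*users_at.values())
    if exit_of[account_stream] == exit_of[sensitive_stream]:
        # Same exit: candidates shrink to that relay's users (the message's 1/n).
        return Fraction(1, len(users_at[exit_of[sensitive_stream]]))
    return Fraction(1, len(all_users))   # no link: any observed user is a candidate

def run(isolate):
    me = Client("me", 0, isolate)
    others = [Client(f"user{i}", i % len(EXITS), False) for i in range(6)]
    log = [me.send("aim:malglico", "onymous"), me.send("sensitive", "anonymous")]
    log += [c.send(f"web:{c.name}", "default") for c in others]
    return sender_probability(log, "aim:malglico", "sensitive")

if __name__ == "__main__":
    print("shared circuit:", run(False), " grouped circuits:", run(True))
```

With the constructed population of seven users, the shared circuit leaves three candidates at the exit, while grouping leaves the observer with the full set.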