[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Wired article on Tor



If I were to set up a machine with any information worth hiding behind
Tor, I wouldn't have made it accessible other than through Tor's
hidden service.

Even if such a machine is accessible from the Internet, the risk is
still manageable because timestamps could have come from only a
limited number of places (please supplement if I miss any): (1)
Applications that are deliberately giving up the timestamp, e.g. a web
application, or even NTP server - just don't expose these to the
Internet directly, if your machine contains anything worth hiding
behind Tor; (2) HTTP reply headers - these can be filtered out or
altered; (3) TCP timestamp - these can be disabled either by firewall
rules or in the kernel (in Linux, by setting net/ipv4/tcp_timestamps=0
in sysctl).

...Unless the very fact that your machine is unusually sanitary is
already incriminating, of course.

- John

On 12/30/06, Dan Collins <en.wp.st47@xxxxxxxxx> wrote:
Anil Gulecha wrote:
> I wanted to know what the developers think :
>
> http://www.wired.com/news/technology/0,72375-0.html?tw=rss.technology
>
>
> Regards
>
A very interesting and unique idea, though I can't believe that the
change due to a little heat would be detectable?

--
GnuPG key ID is 0x84189146 on subkeys.pgp.net