On 12/18/2011 5:33 PM, Matthew R wrote:
I didn't read the entire article yet, but have read of some similar claims likeFrom: http://www.wired.com/vanish/2009/09/interview-with-pi-steve-rambam-evan-can-be-found/ Wired: How much can one do with IP addresses that have been run through Tor? SR: If you have access to certain tools, you can completely ignore Tor. You can trap your subject’s IP address without wasting your time busting through Tor. Without revealing too many tricks, for example, it’s easy enough to send someone an e-mail that broadcasts location info back to a server. Someone operating a trap website can grab Evan’s cookies and see his entire browser history and his current IP address. With only a minimal amount of work, you can determine where Evan is viewing a website from. Does this make any sense? I assume that what the PI means is that if you send an e-mail to a non-webmail client (like Thunderbird) which does not go via Tor, then the IP can be determined when it loads the 1x1 HTML pixel from the website. However, if the victim uses webmail then surely all responses would go via Tor? Or does he mean something else?
Even if partly true, this is one reason I don't understand why TBB has default settings to allow all cookies, seeing as how its main goal is anonymity. Devs are very concerned about not writing anything to cache, but not concerned about cookies.Someone operating a trap website can grab Evan’s cookies and see his entire browser history
Tor wasn't developed for constant, everyday use by millions w/ the idea that anonymity could be provided for the masses. It probably never will achieve that. Authorities & hackers will always be looking for holes. People much smarter than me say if you're that concerned about true anonymity, you'd better encrypt everything. Cookies & browsing history are another matter.
Under current US & other nations' laws, it's possible that gov'ts have already forced developers of any software - incl. Tor - to put in backdoors. And in fact, say it's illegal for the devs of any software to outright disclose such. In general, most gov'ts aren't going to allow devising ways that criminals can easily & completely avoid detection. (No, Tor isn't only used by criminals - but gov'ts don't care). And if they determine such software / networks could provide 99.9% anonymity, w/ no way for them to crack it or no backdoors, they'd probably outlaw it.
I don't know that it has happened w/ Tor, but it certainly has in other cases. If you want true anonymity, don't use the internet, unless you're very well educated in all things related to internet anonymity (hard for one person to do), and taking extreme, well founded measures to thwart those seeking to identify you or your location, gather info, etc. Plus, it would be a full time job constantly testing your methods & keeping up w/ newest ways others could crack your system. A handful of people might have the ability (& almost none the time) to do this.
Could you clarify the question? As Phillip mentioned, Tbird can be Torrified, but I've never been impressed or convinced that the methods are fool proof by any means. Web beacons (web bugs) can be stopped in a few ways, that is probably more reliable than any overall anonymity on the web.if you send an e-mail to a non-webmail client (like Thunderbird) which does not go via Tor, then the IP can be determined when it loads the 1x1 HTML pixel from the website
_______________________________________________ tor-talk mailing list tor-talk@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk