
Re: Tracking with etags


Tor does not protect information inside the protocols it carries. Users
must take care themselves when using unscrubbed information, or if they
are mixing anonymized traffic with other traffic since the connections
might share the same exit node.

See: http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#ExitEavesdroppers
and http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#TotallyAnonymous

 - Lasse

Adam Gleave wrote:

> First, sorry if this has been mentioned before. I've searched and
> haven't found any mention, but it seems too obvious to have not
> already been reported.
> Basically, client gets etag from server, client sends etag to server
> next time it connects, server can associate client.
> Might not sound significant, but if Gmail - for instance - gives
> people Etags, they - and anyone listening in on the connection - can
> associate unanonymized accounts with anonymized accounts.
> I tested this on tor + privoxy and it worked.
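
The ETag replay described in the quoted message, together with header scrubbing on the anonymized path as one countermeasure, as an added example that is not part of either message. The class names, addresses and header values are constructed, and the set of headers to strip is an assumption, not Privoxy's shipped configuration.

```python
# Added illustration; all names, addresses and header values are constructed.
import itertools

REQUEST_VALIDATORS = {"if-none-match", "if-range"}  # carry a stored ETag back
RESPONSE_VALIDATORS = {"etag"}                      # hand the client a new one

def scrub(headers, blocked):
    """Drop blocked header names (case-insensitive) from a header list."""
    return [(k, v) for k, v in headers if k.lower() not in blocked]

class BrowserCache:
    """Stores the ETag per URL and replays it, as an HTTP cache does."""
    def __init__(self):
        self.etags = {}
    def request_headers(self, url):
        headers = [("Accept", "*/*")]
        if url in self.etags:
            headers.append(("If-None-Match", self.etags[url]))
        return headers
    def store(self, url, response_headers):
        for name, value in response_headers:
            if name.lower() == "etag":
                self.etags[url] = value

class Server:
    """Issues a unique ETag per new client and records who received it."""
    def __init__(self):
        self.ids = itertools.count(1)
        self.issued = {}  # etag -> source address it was first given to
    def handle(self, headers, source):
        tag = dict((k.lower(), v) for k, v in headers).get("if-none-match")
        if tag in self.issued:
            return [("ETag", tag)], self.issued[tag]  # linked to earlier source
        tag = '"id-%d"' % next(self.ids)
        self.issued[tag] = source
        return [("ETag", tag)], None

def linked_source(scrubbing):
    """Visit directly, then via the anonymized path; return what the server links."""
    cache, server, url = BrowserCache(), Server(), "http://example.test/"
    resp, _ = server.handle(cache.request_headers(url), "home-ip")
    cache.store(url, resp)
    req = cache.request_headers(url)
    if scrubbing:  # filtering proxy in front of the anonymized connection
        req = scrub(req, REQUEST_VALIDATORS)
    resp, linked = server.handle(req, "exit-node")
    cache.store(url, scrub(resp, RESPONSE_VALIDATORS) if scrubbing else resp)
    return linked
```

Without scrubbing, the server ties the request arriving from the exit node back to the direct visit; with the validators stripped in both directions on the anonymized path, it sees an unrelated new client.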