[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Torpark and security



Thank you very much for the good answers! 

Another question, if an user wanna connect a https website 
throug Tor, is Tor then encrypting the encryption as well, 
or is it just letting through unmanaged, thus the SSL 
website will know the user´s real IP-number? 

Then I have an theory about how someone may get traced, 
without any big organization needed to monitor all Tor 
servers. This scenario depends on if the involved Tor 
servers make logs or not. An angry website runner (or 
somebody monitoring it´s flow of data) checking the list 
of Tor signed-directory for the IP-number of interest and 
there finding the email address of the Tor server contact. 
Then just sending an email to that contact requesting what 
in it´s outfaceing log of a given time (if the clock is well 
syncronized) or of a given exact size of data to/from the 
website´s IP-number. Then asking what at the same time/size 
shows at this Tor server inbetween log and the IP of the Tor 
server next before. Then again check the signed-directory 
and so on, until the very first Tor server log telling the 
user´s real IP-number. Now that´s a theory, in practise it 
will perhaps be more difficult as some (or many) of the Tor 
server administrators refuse to tell it, or make the logs 
dissappear if there was any. But the possibility exist? 



-- 
  
  nosnoops@xxxxxxxxxxx

-- 
http://www.fastmail.fm - Same, same, but different?