[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: Torpark and security
Thank you very much for the good answers!
Another question, if an user wanna connect a https website
throug Tor, is Tor then encrypting the encryption as well,
or is it just letting through unmanaged, thus the SSL
website will know the user´s real IP-number?
Then I have an theory about how someone may get traced,
without any big organization needed to monitor all Tor
servers. This scenario depends on if the involved Tor
servers make logs or not. An angry website runner (or
somebody monitoring it´s flow of data) checking the list
of Tor signed-directory for the IP-number of interest and
there finding the email address of the Tor server contact.
Then just sending an email to that contact requesting what
in it´s outfaceing log of a given time (if the clock is well
syncronized) or of a given exact size of data to/from the
website´s IP-number. Then asking what at the same time/size
shows at this Tor server inbetween log and the IP of the Tor
server next before. Then again check the signed-directory
and so on, until the very first Tor server log telling the
user´s real IP-number. Now that´s a theory, in practise it
will perhaps be more difficult as some (or many) of the Tor
server administrators refuse to tell it, or make the logs
dissappear if there was any. But the possibility exist?
--
nosnoops@xxxxxxxxxxx
--
http://www.fastmail.fm - Same, same, but different?