
Re: [tor-talk] Risk of checking multiple accounts with TorBirdy



Sebastian G. <bastik.tor>:
> 04.01.2014 09:05, dhanlin:
> It also depends on where and who your adversary is.

The adversary I had in mind was a malicious exit node administrator.  If
all e-mail accounts are accessed using the same circuit, it seems the
exit node would see the near simultaneous connections (assume encrypted)
to various e-mail servers, and even with one occurrence suspicion could
be developed that the accounts accessed are linked.

Suppose I check simultaneously:
- john.doe@xxxxxxxxxx
- jane.doe@xxxxxxxxx
- my.actual.name@xxxxxxxxxxxxx

If the adversary wants to create a database linking many e-mail accounts
accessed over Tor using secure connections, they could collect
simultaneous e-mail account accesses from their exit node.  When the
combination of the servers accessed simultaneously is distinct (e.g.
yandex.com + gmail.com + my.server.org), the accounts can be linked,
even if their account names are unknown.  (The actual account names
could be found out retrospectively, for example by subpoena of gmail.com
accounts accessed at a certain time.)

Unless this threat is flawed, it seems like it therefore would be safest
if TorBirdy used a separate circuit for each account, or enforced delays
between checks of multiple accounts.  (Maybe it already does?)

dhanlin
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
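
The threat and both mitigations raised in this message (a separate circuit per account, or delays between checks), modelled as an added example that is not part of the original post or of TorBirdy. It assumes a simplified circuit model: streams with the same isolation key share a circuit until it is older than Tor's default MaxCircuitDirtiness of 10 minutes, and an exit relay can only tie together streams carried on the same circuit. The account labels and function names are constructed.

```python
from collections import defaultdict

MAX_CIRCUIT_DIRTINESS_S = 600  # Tor's default MaxCircuitDirtiness (10 minutes)

# Constructed sample: (account label, mail host); hosts are the ones named in the post.
ACCOUNTS = [("acct-1", "yandex.com"), ("acct-2", "gmail.com"), ("acct-3", "my.server.org")]


def assign_circuits(accounts, isolate_per_account, gap_s=0.0,
                    dirtiness_s=MAX_CIRCUIT_DIRTINESS_S):
    """Model one round of mail checks; return {circuit_id: set(hosts)}.

    Accounts are checked in order, gap_s seconds apart. Streams with the same
    isolation key share a circuit until it is older than dirtiness_s, after
    which a new circuit is built (assumed model, not TorBirdy's code).
    """
    circuits = defaultdict(set)
    first_use = {}  # isolation key -> (circuit id, time the circuit was first used)
    counter = 0
    for i, (label, host) in enumerate(accounts):
        now = i * gap_s
        key = label if isolate_per_account else "shared"
        if key not in first_use or now - first_use[key][1] > dirtiness_s:
            counter += 1
            first_use[key] = (counter, now)
        circuits[first_use[key][0]].add(host)
    return dict(circuits)


def linkable_sets(circuits):
    """Host combinations one exit relay could tie together: any circuit that
    carried streams to more than one mail server."""
    return [hosts for hosts in circuits.values() if len(hosts) > 1]


if __name__ == "__main__":
    for name, kwargs in [("shared circuit", dict(isolate_per_account=False)),
                         ("shared, 60 s delay", dict(isolate_per_account=False, gap_s=60)),
                         ("shared, 601 s delay", dict(isolate_per_account=False, gap_s=601)),
                         ("circuit per account", dict(isolate_per_account=True))]:
        print(name, "->", linkable_sets(assign_circuits(ACCOUNTS, **kwargs)))
```

In this model a short delay changes nothing, because all three streams still share one circuit; only per-account isolation or a delay longer than the circuit's reuse window leaves the exit with no multi-server combination.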