[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] Risk of checking multiple accounts with TorBirdy
Sebastian G. <bastik.tor>:
> 04.01.2014 09:05, dhanlin:
> It also depends on where and who your adversary is.
The adversary I had in mind was a malicious exit node administrator. If
all e-mail accounts are accessed using the same circuit, it seems the
exit node would see the near simultaneous connections (assume encrypted)
to various e-mail servers, and even with one occurrence suspicion could
be developed that the accounts accessed are linked.
Suppose I check simultaneously:
- john.doe@xxxxxxxxxx
- jane.doe@xxxxxxxxx
- my.actual.name@xxxxxxxxxxxxx
If the adversary wants to create a database linking many e-mail accounts
accessed over Tor using secure connections, they could collect
simultaneous e-mail account accesses from their exit node. When the
combination of the servers accessed simultaneously is distinct (e.g.
yandex.com + gmail.com + my.server.org), the accounts can be linked,
even if their account names are unknown. (The actual account names
could be found out retrospectively, for example by subpoena of gmail.com
accounts accessed at a certain time.)
Unless this threat is flawed, it seems like it therefore would be safest
if TorBirdy used a separate circuit for each account, or enforced delays
between checks of multiple accounts. (Maybe it already does?)
dhanlin
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk