
Re: [tor-talk] Webpage autorefresh weakens onion routing

On Tue, Jul 02, 2013 at 06:45:24PM -0700, Mark Yaler wrote:
> Let's say you open webpage X, which automatically refreshes every
> minute. But the user doesn't immediately realize this problem.

Variations of this attack are in various research papers, e.g.
See also

> The user also wishes to read webpage Y. However, this user realizes
> that opening both X and Y would allow his identity to be compromised,
> or at least significantly narrowed in probability. So the user realizes
> that he needs to refresh his Tor identity between accessing pages X and
> Y. So he does this.

Assuming he clicks 'new identity' in Torbutton, it will flush all his
browser state. There will be no more page X open.

> Then he accesses webpage Y. Unfortunately, due to the autorefresh
> HTML code on webpage X, which suddenly occurs, there is now evidence
> (in the clear) of the same IP address accessing both X and Y within a
> short time window, thereby weakening his anonymity.

Yep. That's why the Tor Browser doesn't allow this.

> My point is, why not do that by default?

It's a tradeoff between usability and security. I think we'd end up
breaking a lot of pages if we disabled all refreshes.


tor-talk mailing list
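
The autorefresh discussed in this thread is normally a `<meta http-equiv="refresh">` tag or an HTTP `Refresh` header. As an added example (not part of the original message and not Tor Browser code), this Python check lists the timed reloads a response would trigger; the function names and the sample page are constructed for illustration.

```python
import re
from html.parser import HTMLParser

def parse_refresh(value):
    """Parse a refresh value such as '60' or '5; url=/next'.
    Returns (delay_seconds, target_or_None), or None if it is malformed."""
    m = re.match(r"\s*(\d+)(?:\.\d*)?\s*(?:[;,]\s*(.*))?$", value, re.S)
    if not m:
        return None
    target = re.sub(r"^url\s*=\s*", "", m.group(2) or "", flags=re.I)
    return int(m.group(1)), target.strip("'\" \t\r\n") or None

class _MetaRefresh(HTMLParser):
    """Collects <meta http-equiv="refresh" content="..."> values."""
    def __init__(self):
        super().__init__()
        self.values = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").strip().lower() == "refresh":
            self.values.append(a.get("content", ""))

def find_autorefresh(html, headers=None):
    """Return every timed reload or redirect the response would trigger."""
    sources = [("header", v) for k, v in (headers or {}).items()
               if k.lower() == "refresh"]
    finder = _MetaRefresh()
    finder.feed(html)
    finder.close()
    sources += [("meta", v) for v in finder.values]
    hits = []
    for via, raw in sources:
        parsed = parse_refresh(raw)
        if parsed:  # a target of None means the page reloads itself
            hits.append({"via": via, "delay": parsed[0], "target": parsed[1]})
    return hits

# Constructed sample: a page that reloads itself every minute, like page X.
PAGE_X = '<html><head><meta http-equiv="refresh" content="60"></head><body>X</body></html>'

if __name__ == "__main__":
    for hit in find_autorefresh(PAGE_X):
        print(hit)
```

A hit whose `target` is `None` is the self-reloading case from the thread: the page will generate a new request on its own after `delay` seconds.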