[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Identify requests made by the same user

Il 20.06.2013 23:19 krishna e bera ha scritto:

Some of your question is answered here:

I've read the entire FAQ page! :)

1) By design, you cannot know whether aaa.onion and bbb.onion are
running on the same machine or are run by the same operator.

Yes, I know that. What i'd like to know, is if it's the same from the client point of view.

2) If either .onion site requires registration, you must be careful to
use different email userid and password on each, and those must also be
different from anything you use in non-Tor contexts.

3) If you check the tests at
    you will see how much browser fingerprinting is possible.  So you
must be careful not to change any settings that will make your browsing
session look different from any other person using TBB.

Yes yes yes. That's clear. Tor encrypts my connections, but I have to be careful on what I (and my browser) send over the internet. This is application and physical transport level. What makes me think is the tor transport level (the payload of tcp/udp packets tor sends over the internet).

My question wasn't actually related to a specific application. This is my reasoning: in order to get the server response back to me, the encrypted packet Tor sends over the network, should contain and identifier of my Tor client. This way the .onion service can read the request, prepare a response and send it back to me. Just like a TCP packet that contains the sender's IP address (Tor's TCP packet will contain the IP of the last node on the tunnel, but at an higher level there should be my client ID).

I'm speaking about a kind of "internal ip", some internal identifier in the Tor network. Let's put aaa.onion is an IRC chat and ccc.onion is a bulletin board. And that from the same client come 2 different requests for aaa.onion and ccc.onion. From the application layer, knowing that they come from the same client, is impossible. But, Tor should someway know that both responses will be forwarded to the same client, thus making possible to "group" them and know that behind them there is the same user.

I've read much technical documentation, but looks like this point is not properly described. I should read Tor's code, but I can't manage to do that.

Thankyou all

tor-talk mailing list