williamwinkle@xxxxxxxxxxxxxxx writes:

> I don't understand what Schneier means by this:
> "After identifying an individual Tor user on the internet, the NSA
> uses its network of secret internet servers to redirect those users
> to another set of secret internet servers, with the codename
> FoxAcid, to infect the user's computer."
> Surely the whole point of Tor is that the requester of
> http://www.target_website.com cannot be identified based on the
> traffic which leaves the exit node. Since the N_S_A would only know
> the IP address of the exit node and the destination
> http://www.target_website.com, how can the client be identified even
> if the traffic is redirected to the FoxAcid servers?

Tor is preventing the user from being identified by their (true) source
IP address.  In the hypothesis of the article, there's sometimes another
way to identify the user, for example because they've logged into a
(non-TLS) service using a particular username and password, or because
they sent a particular cookie.

The materials that Schneier is reporting on use a very broad notion of a
"selector" -- a way of referring to a particular user or device or
network in order to associate network traffic with them.  One of the
most fundamental selectors on the Internet is someone's source IP
address, which Tor obfuscates.  The Tor Browser also tries not to have
any persistently distinguishable features between one user's traffic
and another's (unlike a normal desktop web browser!), but a user's
particular behavior could still provide ways of identifying them and
distinguishing them from other users.
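
The point above, as an added example that is not part of the original message: a short Python audit of what a cleartext (non-TLS) HTTP request still reveals once the source IP is hidden. The sample requests, host name, cookie name, exit addresses and function names are all constructed for illustration; they show the same cookie appearing behind two different exit relays, which is exactly the kind of non-IP "selector" described.

```python
import base64
from collections import defaultdict
from urllib.parse import parse_qsl

# Constructed sample: cleartext HTTP requests as seen leaving three different
# Tor exit relays (documentation-range IPs). Every value here is made up.
OBSERVED = [
    ("192.0.2.10", b"GET /inbox HTTP/1.1\r\nHost: forum.example\r\n"
                   b"Cookie: sid=abc123\r\n\r\n"),
    ("198.51.100.7", b"POST /login HTTP/1.1\r\nHost: forum.example\r\n"
                     b"Cookie: sid=abc123\r\n"
                     b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
                     b"username=alice&password=x"),
    ("203.0.113.5", b"GET / HTTP/1.1\r\nHost: forum.example\r\n"
                    b"Authorization: Basic Ym9iOnB3\r\n\r\n"),
]

def leaked_selectors(raw):
    """Identifiers in one cleartext request that do not depend on source IP."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")[1:]  # skip the request line
    headers = {k.strip().lower(): v.strip()
               for k, v in (l.split(":", 1) for l in lines if ":" in l)}
    found = set()
    # Every cookie is sent back verbatim, so each one can act as a selector.
    for pair in headers.get("cookie", "").split(";"):
        name, sep, value = pair.strip().partition("=")
        if sep:
            found.add(f"cookie:{name}={value}")
    # HTTP Basic auth carries the username base64-encoded, not encrypted.
    scheme, _, cred = headers.get("authorization", "").partition(" ")
    if scheme.lower() == "basic":
        user = base64.b64decode(cred).decode("latin-1").partition(":")[0]
        found.add(f"user:{user}")
    # Login forms posted over plain HTTP expose the username field.
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        for key, value in parse_qsl(body.decode("latin-1")):
            if key in ("username", "user", "login"):
                found.add(f"user:{value}")
    return found

def exits_per_selector(observed):
    """Map each selector to the set of exit IPs it was seen behind."""
    seen = defaultdict(set)
    for exit_ip, raw in observed:
        for sel in leaked_selectors(raw):
            seen[sel].add(exit_ip)
    return dict(seen)
```

Over TLS none of these fields would be readable on the path between the exit relay and the site, which is why the reply singles out non-TLS services.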

