[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Bruce Schneier's Guardian Article about N_S_A and Tor.

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Bruce Schneier's Guardian Article about N_S_A and Tor.
From: Seth David Schoen <schoen@xxxxxxx>
Date: Sat, 28 Jun 2014 16:36:40 -0700
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 28 Jun 2014 19:41:49 -0400
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=eff.org; s=mail2; h=In-Reply-To:Content-Type:MIME-Version:References:Message-ID:Subject:To:From:Date; bh=uy1TVEwTp8/N80SGZQAaXrywPqIkdh+g2tABSWt4VIs=; b=hRU3DX9BFLUThY2gGX8SyNAUxqJcdwRV0ibxzvgcNi4g71SFMXMuAe77GwO8bSzGDcr7tgVcK/xndJ985GwtU6Z899JW2cHQov5FgSYGTCEhZn0JlpU13XGCVLmtShiJ4NtWv10VIac7aZNdvDTEoS1vRlOrLhOC8OiX/ihwy14=;
In-reply-to: <cead7373f87c023abecd06b62ebfc474@xxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <cead7373f87c023abecd06b62ebfc474@xxxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mutt/1.5.21 (2010-09-15)

williamwinkle@xxxxxxxxxxxxxxx writes:

> I don't understand what Schneier means by this:
> 
> "After identifying an individual Tor user on the internet, the NSA
> uses its network of secret internet servers to redirect those users
> to another set of secret internet servers, with the codename
> FoxAcid, to infect the user's computer."
> 
> Surely the whole point of Tor is that the requester of
> http://www.target_website.com cannot be identified based on the
> traffic which leaves the exit node. Since the N_S_A would only know
> the IP address of the exit node and the destination
> http://www.target_website.com, how can the client be identified even
> if the traffic is redirected to the FoxAcid servers?

Tor is preventing the user from being identified by their (true) source
IP address.  In the hypothesis of the article, there's sometimes another
way to identify the user, for example because they've logged into a
(non-TLS) service using a particular username and password, or because
they sent a particular cookie.

The materials that Schneier is reporting on use a very broad notion of a
"selector" -- a way of referring to a particular user or device or
network in order to associate network traffic with them.  One of the
most fundamental selectors on the Internet is someone's source IP
address, which Tor obfuscates.  The Tor Browser also tries not to have
any persistently distinguishable features between one user's traffic
and another's (unlike a normal desktop web browser!), but a user's
particular behavior could still provide ways of identifying them and
distinguishing them from other users.

-- 
Seth Schoen  <schoen@xxxxxxx>
Senior Staff Technologist                       https://www.eff.org/
Electronic Frontier Foundation                  https://www.eff.org/join
815 Eddy Street, San Francisco, CA  94109       +1 415 436 9333 x107
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Bruce Schneier's Guardian Article about N_S_A and Tor.
  - From: Joe Btfsplk

References:
- [tor-talk] Bruce Schneier's Guardian Article about N_S_A and Tor.
  - From: williamwinkle

Prev by Author: Re: [tor-talk] [OT[ New web-cookie policies on internet
Next by Author: [tor-talk] High-latency hidden services (was: Re: Secure Hidden Service (was: Re: ... Illegal Activity As A Metric ...))
Previous by thread: [tor-talk] Bruce Schneier's Guardian Article about N_S_A and Tor.
Next by thread: Re: [tor-talk] Bruce Schneier's Guardian Article about N_S_A and Tor.
Index(es):
- Author
- Thread