[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: Building tracking system to nab Tor pedophiles
On Wed, Mar 07, 2007 at 02:14:33PM -0600, Mike Perry wrote:
> Thus spake Freemor (freemor@xxxxxxxx):
>
> > I think what needs to be done here is to create a FAQ or other standard
> > document that will 1.) inform the vastly misinformed public. 2.) list
> > places and ways they can make a difference.
>
> Excellent post, even if slight off-topic.
I don't think it was off topic. To repeat what I already said in
an individual response.
I think it was not OT since your post addressed the reality of a
situation for which people were designing Tor modifications and
deployments and you evaluated their applicability to intended
application.
> As suggested on IRC, I think
> the Tor documentation strategy needs to be rethought. Most people
> barely read the download page, let alone the reems of FAQ questions.
>
> We've had two "attacks" now on Tor that rely on unmasking users who
> use Tor incorrectly. One of them actually published a paper and had
> decent results at unmasking this way (mostly Asian users who probably
> can't read our english mailinglist or english FAQ), and the media
> still doesn't seem to understand that these attacks are well
> documented.
>
> The Tor download page should have a concice "Things to know before
> downloading" section that lists a few key points about the most easy
> ways your identity can be revealed through Tor. Something like
>
> Things to know before you download Tor:
> - Browser plugins can be made to reveal your IP.
> - This includes Flash, Java, ActiveX and others.
> - It is recommended that you use FireFox and install the extensions
> NoScript, QuickJava, and FlashBlock to control this behavior if
> you must have these plugins installed for non-Tor usage.
> - Make sure your browser settings have a proxy listed for ALL
> protocols (including Gopher and FTP).
> - For further details, please consult the Tor FAQ.
>
I had advocated something similar some time ago. Actually what I proposed
was that some sort of test server be set up. I know there are already
many of them, but I was thinking that there could be testing stages
in an install wizard (or a post-install testing wizard)
that takes the user through various tests and what to do in response
to results. I know a lot of work, maybe another suggestion to be
listed on the volunteer page or a candidate for summer of code?
> Maybe this will stop the same attack from hitting the blogosphere
> every 2 months. Even better, maybe it will stop that attack from
> actually working..
>
You dream big (not sure which is the bigger dream ;>)
aloha,
Paul