[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Building tracking system to nab Tor pedophiles

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Building tracking system to nab Tor pedophiles
From: Paul Syverson <syverson@xxxxxxxxxxxxxxxx>
Date: Wed, 7 Mar 2007 15:42:43 -0500
Delivered-to: archiver@seul.org
Delivered-to: or-talk-outgoing@seul.org
Delivered-to: or-talk@seul.org
Delivery-date: Wed, 07 Mar 2007 15:42:57 -0500
In-reply-to: <20070307201433.GA568@fscked.org>
References: <20070306.212839.5614.2379109@webmail02.lax.untd.com> <1173287962.21997.32.camel@localhost> <20070307201433.GA568@fscked.org>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Mutt/1.4.2.1i

On Wed, Mar 07, 2007 at 02:14:33PM -0600, Mike Perry wrote:
> Thus spake Freemor (freemor@xxxxxxxx):
> 
> > I think what needs to be done here is to create a FAQ or other standard
> > document that will 1.) inform the vastly misinformed public. 2.) list
> > places and ways they can make a difference.
> 
> Excellent post, even if slight off-topic.

I don't think it was off topic. To repeat what I already said in
an individual response.

  I think it was not OT since your post addressed the reality of a
  situation for which people were designing Tor modifications and
  deployments and you evaluated their applicability to intended
  application.

> As suggested on IRC, I think
> the Tor documentation strategy needs to be rethought. Most people
> barely read the download page, let alone the reems of FAQ questions.
> 
> We've had two "attacks" now on Tor that rely on unmasking users who
> use Tor incorrectly. One of them actually published a paper and had
> decent results at unmasking this way (mostly Asian users who probably
> can't read our english mailinglist or english FAQ), and the media
> still doesn't seem to understand that these attacks are well
> documented.
> 
> The Tor download page should have a concice "Things to know before
> downloading" section that lists a few key points about the most easy
> ways your identity can be revealed through Tor. Something like
>  
> Things to know before you download Tor:
>  - Browser plugins can be made to reveal your IP. 
>  - This includes Flash, Java, ActiveX and others. 
>    - It is recommended that you use FireFox and install the extensions 
>      NoScript, QuickJava, and FlashBlock to control this behavior if
>      you must have these plugins installed for non-Tor usage.
>  - Make sure your browser settings have a proxy listed for ALL
>    protocols (including Gopher and FTP).
>  - For further details, please consult the Tor FAQ.
> 

I had advocated something similar some time ago. Actually what I proposed
was that some sort of test server be set up. I know there are already
many of them, but I was thinking that there could be testing stages
in an install wizard (or a post-install testing wizard)
that takes the user through various tests and what to do in response
to results. I know a lot of work, maybe another suggestion to be
listed on the volunteer page or a candidate for summer of code?

> Maybe this will stop the same attack from hitting the blogosphere
> every 2 months. Even better, maybe it will stop that attack from
> actually working..
> 

You dream big (not sure which is the bigger dream ;>)

aloha,
Paul

Follow-Ups:
- Re: Building tracking system to nab Tor pedophiles
  - From: Jason Edwards
- Re: Building tracking system to nab Tor pedophiles
  - From: Mike Perry

References:
- Building tracking system to nab Tor pedophiles
  - From: Fergie
- Re: Building tracking system to nab Tor pedophiles
  - From: Freemor
- Re: Building tracking system to nab Tor pedophiles
  - From: Mike Perry

Prev by Author: Re: one less onion skin
Next by Author: Boulder Tech report on low-resource routing attacks on Tor
Previous by thread: Re: Building tracking system to nab Tor pedophiles
Next by thread: Re: Building tracking system to nab Tor pedophiles
Index(es):
- Author
- Thread