[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Building tracking system to nab Tor pedophiles

On Wed, Mar 07, 2007 at 02:14:33PM -0600, Mike Perry wrote:
> Thus spake Freemor (freemor@xxxxxxxx):
> > I think what needs to be done here is to create a FAQ or other standard
> > document that will 1.) inform the vastly misinformed public. 2.) list
> > places and ways they can make a difference.
> Excellent post, even if slight off-topic.

I don't think it was off topic. To repeat what I already said in
an individual response.

  I think it was not OT since your post addressed the reality of a
  situation for which people were designing Tor modifications and
  deployments and you evaluated their applicability to intended

> As suggested on IRC, I think
> the Tor documentation strategy needs to be rethought. Most people
> barely read the download page, let alone the reems of FAQ questions.
> We've had two "attacks" now on Tor that rely on unmasking users who
> use Tor incorrectly. One of them actually published a paper and had
> decent results at unmasking this way (mostly Asian users who probably
> can't read our english mailinglist or english FAQ), and the media
> still doesn't seem to understand that these attacks are well
> documented.
> The Tor download page should have a concice "Things to know before
> downloading" section that lists a few key points about the most easy
> ways your identity can be revealed through Tor. Something like
> Things to know before you download Tor:
>  - Browser plugins can be made to reveal your IP. 
>  - This includes Flash, Java, ActiveX and others. 
>    - It is recommended that you use FireFox and install the extensions 
>      NoScript, QuickJava, and FlashBlock to control this behavior if
>      you must have these plugins installed for non-Tor usage.
>  - Make sure your browser settings have a proxy listed for ALL
>    protocols (including Gopher and FTP).
>  - For further details, please consult the Tor FAQ.

I had advocated something similar some time ago. Actually what I proposed
was that some sort of test server be set up. I know there are already
many of them, but I was thinking that there could be testing stages
in an install wizard (or a post-install testing wizard)
that takes the user through various tests and what to do in response
to results. I know a lot of work, maybe another suggestion to be
listed on the volunteer page or a candidate for summer of code?

> Maybe this will stop the same attack from hitting the blogosphere
> every 2 months. Even better, maybe it will stop that attack from
> actually working..

You dream big (not sure which is the bigger dream ;>)