
Re: [tor-talk] Basic questions from new user but...

On 5/11/2012 7:21 AM, Maxim Kammerer wrote:
On Fri, May 11, 2012 at 2:36 AM, Joe Btfsplk <joebtfsplk@xxxxxxx> wrote:
Isn't this approach very much a double edged sword?  From the link:
However, we recommend that even users who know how to use NoScript leave
JavaScript enabled if possible, because a website or exit node can easily
distinguish users who disable JavaScript from users who use Tor Browser
bundle with its default settings (thus users who disable JavaScript are less

It may be true that changing settings makes one's profile different, but
from all I've ever read, java script is responsible for more malicious
browser attacks than anything.  That's not so good.

Javascript attacks are, however, out of the scope for anonymity
research. The anonymity set reduction above, while purely theoretical
and of no practical significance, is in that scope. It's a typical
case of project focus shifting priorities to user's disadvantage.
Moreover, if many users turn Javascript off often, it is quite
possible that turning it off offers more (theoretical) anonymity due
to the possibility of fingerprinting users' browser versions by
browsers' respective Javascript quirks.

Can someone explain to non-Tor network experts in layman's terms (25 words
or < ) :D, what exactly some one / entity HAS to be able to do in order to
profile that Joe has java script disabled, & then be able to tie it to MY
(dynamic) IP address - at * that * moment (an address that could change
anytime), or to me physically, sitting here at 123 Oak St., Bumfk, ND?

It is not possible — anonymity set reduction only shifts your
anonymity towards pseudonymity. I would guess that most browser users
do not need true anonymity, however, and are fine with pseudonymity.

Then, what are the REAL world odds that out of all the exit nodes traffic,
which are constantly changing users, that someone can monitor enough nodes
AND be able to tie it directly to ONE specific person, w/ a real name &
physical address?  Are we talking that any 12 yr old w/ the right, free
software can do this, or "theoretically"?

Thanks Maxim. You may be 100% correct. No disrespect, but these questions - esp. one about changing TBB setting(s) like js or using an addon not included in the package (assuming an addon doesn't "leak") seem like PRETTY important questions.

I think one of the devs w/ expertise in that area of Tor should answer the * real world explanation & chances * how those actions would realistically allow someone / entity to positively identify a PERSON, or lead them to that person's door, so users can understand. Explanation should also probably be in FAQs.

I don't know your background or if you're associated w/ Tor Project in any way - I mean no disrespect.