
Re: [tor-talk] Tor Weekly News — October 23th, 2013



On 10/24/2013 2:57 PM, Michael Wolf wrote:
> It looks like you grossly misunderstand how Tor works.  The only node
> that can see your browser "fingerprint" is the exit node.  The problem
> that Entry Guards are meant to solve is laid out in the very first
> paragraph of the FAQ you linked:
>
> > Tor (like all current practical low-latency anonymity designs) fails
> > when the attacker can see both ends of the communications channel. For
> > example, suppose the attacker controls or watches the Tor relay you
> > choose to enter the network, and also controls or watches the website
> > you visit. In this case, the research community knows no practical
> > low-latency design that can reliably stop the attacker from
> > correlating volume and timing information on the two sides.
>
> In other words, if I can observe the pattern of traffic coming from your
> IP address at a particular time, and simultaneously observe that pattern
> at an exit node or website, then I can assume the traffic at the exit
> belongs to you.  It doesn't matter that there are multiple layers of
> encryption along the way -- the attack doesn't look at the contents of
> the traffic, just the volume and timing of it.  Having Entry Guards
> helps, but does not completely solve this problem.
>
> In regards to being "noticed once" -- if the site you are visiting is
> being watched by your government, then being noticed just once may be
> cause for them to watch you more closely.  If you're posting data to
> wikileaks, having your government notice this could constitute a "very
> bad thing".  That is just one example.


Thanks for the details. Of course you're correct about being noticed once, posting or d/l _certain data_ from certain sites (being watched). Question - for average users in "free" societies, if you're "noticed" once visiting a site like wikileaks (legal in most countries) by a formidable adversary (just visit - not post, download, etc.), & they reasonably confirmed the entry traffic & exit traffic are the same (volume & timing), the assumption is they put all visitors on a watch list?

I'm asking - for everyone that mistypes, is curious about a news story or chooses the wrong URL address (Tor & non Tor users), they'll then gather all data for all accounts, of any type, of those people from then forward?

If they saw the IP address you came from to the entry node & you did something they were *really* interested in AND had the authority, I guess they could "request" from your ISP, who used that address on that date & time. That is of utmost concern if you're Assange or Snowden; such use is the primary concern of Tor Project. For avg users, is it a huge concern (unless things change a lot - & they could)?

Probably 99+ % of Tor users don't post on wikileaks or release stolen, classified documents. For those that do, I'd guess they really should use something with / in addition to TBB (or instead of; their own strong encryption, carrier pigeon). I hope if you're in life or freedom threatening use of Tor (with its current limitations / weaknesses), that you *don't* access the network straight from your main, commercial ISP.

Even for a one time whistle blower of a small co., is it likely someone would 1) be watching the exact entry / exits you used, AND 2) have the authority to track you down and care enough to do so? Do most gov'ts care about reporting sexual harassment at Bob's Broom Factory or who wishes to remain anonymous when data searching on male impotence?

I don't grossly :) misunderstand how the Tor network works, though I'm no expert, like most users. Certainly unsure how fingerprinting figured into adversaries controlling / watching entry & exit nodes, etc.
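
The volume-and-timing correlation described in the quoted reply, as an added Python sketch that is not part of either poster's message. All byte counts are constructed, and the function names and the constant-rate padding step are assumptions made for illustration; it shows why layered encryption does not hide the traffic pattern and what a flat padded pattern changes.

```python
# Added illustration: all byte counts below are constructed, not captured traffic.
from statistics import mean

def pearson(a, b):
    """Pearson correlation of two equal-length series; 0.0 if either is flat."""
    ma, mb = mean(a), mean(b)
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    var_a = sum((x - ma) ** 2 for x in a)
    var_b = sum((y - mb) ** 2 for y in b)
    if var_a == 0 or var_b == 0:
        return 0.0
    return cov / (var_a * var_b) ** 0.5

def best_lag_corr(entry, exit_side, max_lag=3):
    """Best correlation over small delays: the far side sees the traffic later."""
    n = len(entry) - max_lag
    return max(pearson(entry[:n], exit_side[lag:lag + n])
               for lag in range(max_lag + 1))

def rank_flows(entry, flows):
    """Score every flow seen at the far end against the entry-side observation."""
    return {name: best_lag_corr(entry, series) for name, series in flows.items()}

def pad_constant_rate(series):
    """Illustrative countermeasure (an assumption, not something the thread says
    Tor does): fill every bin up to the peak rate with dummy bytes. Costly."""
    return [max(series)] * len(series)

# KB per one-second bin, as seen between one client and its entry relay.
CLIENT_ENTRY = [0, 12, 48, 3, 0, 0, 30, 7, 0, 55, 2, 0, 0, 19, 41, 0]
# Three flows seen at the destination. Only sizes and times are used, never content.
EXIT_FLOWS = {
    "flow_A": [20, 21, 19, 20, 22, 20, 19, 21, 20, 20, 21, 19, 20, 22, 20, 21],
    "flow_B": [0, 0, 0, 13, 47, 3, 0, 1, 29, 7, 0, 54, 2, 0, 0, 20],  # client, 2 bins late
    "flow_C": [5, 0, 33, 0, 0, 0, 0, 47, 0, 0, 0, 0, 26, 0, 9, 0],
}

if __name__ == "__main__":
    for label, entry in (("unpadded", CLIENT_ENTRY),
                         ("padded", pad_constant_rate(CLIENT_ENTRY))):
        scores = rank_flows(entry, EXIT_FLOWS)
        print(label, {k: round(v, 3) for k, v in scores.items()})
```

The padded run scores every flow at 0.0 because a flat series carries no timing signal, at the price of sending at peak rate all the time.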