[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] SocksPort: Circuit isolation is not Exit isolation

On 9/11/12, grarpamp <grarpamp@xxxxxxxxx> wrote:
>> If anonAccountA and anonAccountB are run by different users, I'd
>> expect them to use the same exit 1/N of the times that they both log
>> in.
>> But if, over time, I see that anonAccountA and anonAccountB both
>> sometimes use some of the same exits, but they never use the same exit
>> at the same time, I can conclude that they are run by the same user,
> Yes I see that analysis clear for the pure anon account, 1/N, situation :)
> It seemed that with some non pure anon parameters/patterns that
> isolating exit might be better than using the 1/N odds. Currently Tor
> exit is also not near to 1/N selection odds.

This makes choosing each circuit's exit node independently even more important.

> If I am jane.red1@, jane.red2@, and jane.red3@, all with Mac browser
> at 04:00hr via a smaller curve set of exit IP's... it may be an easier
> guess

Jane Red is hosed regardless of her exit-node distribution:

> than if I am jeff4@ with Mac, greenshoes@ with Win, and sophie@ with
> BSD at tea time via 1/N with the "not at the same time" behavior.
> *At least for the casual log observer. Which (popular) sites are thought
> to be casual vs. statistical observers is also to consider in choice of
> defense style.

The casual log observer will see that all three have, at some time,
connected from IP addresses whose reverse-DNS strings contain âtorâ,
and decide based on that that they are all the same person.  And if
you cause them any trouble, they may hand their logs over to a
statistical log observer.

> Also, maybe Tor has cases for fuzzy logic.

This sentence seems about as relevant to the rest of your message as a
fruit bat.

Robert Ransom
tor-talk mailing list