[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #26799 [Core Tor/Tor]: dir-spec: specify failure modes for the bandwidth-file-headers vote line
#26799: dir-spec: specify failure modes for the bandwidth-file-headers vote line
----------------------------------+------------------------------------
Reporter: teor | Owner: teor
Type: defect | Status: closed
Priority: Medium | Milestone: Tor: 0.3.5.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution: fixed
Keywords: tor-bwauth, fast-fix | Actual Points:
Parent ID: #3723 | Points:
Reviewer: dgoulet | Sponsor:
----------------------------------+------------------------------------
Changes (by nickm):
* status: merge_ready => closed
* resolution: => fixed
Comment:
merged!
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26799#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
- Prev by Author:
[tor-bugs] #26677 [- Select a component]: 2015-03-01 16:11 GMT+09:00 Lodewijk andré de la porte <l at odewijk.nl>: > Of course it's possible. It's way harder than just, you know, regular > tracking! Cloudflare probably has advanced tracking in order to determine > the likelihood of being spam. Cloudflare also gets headers and IP > addresses, in addition to having many access points already betray the user > a little bit. The NSA only has to make sure to listen to every Cloudflare > in and output, and they'll get a ton of decent info. > Oh, I'm sorry, I didn't notice you meant this as tor-specific. That sure makes it a more difficult question. I think there is little information to go on, given many users use a single Tor exit node, and if all goes well that information should be inseparable. NoScript makes it much harder to see what happens on-page, without noscript there's a lot more profiling info (mouse movement, typing rates, scrolling, those sorts of habits). One could investigate if cloudflare can use a tracking-cookie (or similar) to combine visits from a single user, as that would give a lot more profiling opportunities. I assume every request passes through cloudflare, not just the first, so site-usage should give a much better profile than the initial captcha. Once you've found all the side-channels and their "discerning datapoint quantity" you could calculate how often the users of a single tor node are separable. The data is more complex, sadly, for a full observer, as there's far more information to go on. A partial or near-full network observer can combine timing attacks and the like with information gathered here.
- Next by Author:
Re: [tor-bugs] #26950 [Metrics/Website]: Remove "Fraction of relays reporting onion-service statistics" graph
- Previous by thread:
Re: [tor-bugs] #26799 [Core Tor/Tor]: dir-spec: specify failure modes for the bandwidth-file-headers vote line
- Next by thread:
Re: [tor-bugs] #26389 [Obfuscation/meek]: meek-client keep roundTripRetries on shutdown
- Index(es):