[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Proposition: Applying an AONT to Prop224 addresses?



On Mon, Apr 03, 2017 at 10:48:26AM -0400, Ian Goldberg wrote:
> The other thing to remember is that didn't we already say that
> 
> facebookgbiyeqv3ebtjnlntwyvjoa2n7rvpnnaryd4a.onion
> 
> and
> 
> face-book-gbiy-eqv3-ebtj-nlnt-wyvj-oa2n-7rvp-nnar-yd4a.onion
> 
> will mean the same thing?

Did we? I admit that I haven't been paying enough attention to anything
lately, but last I checked, we thought that was a terrible idea because
people can make a bunch of different versions of the address, and use
them as tracking mechanisms for users. (For example, I put two versions
of the same address on my two different pages, and now when somebody goes
to that onion address, I can distinguish which page they came from. In
the extreme versions of this idea, I give a unique version of my address
to the target, and then I can spot him when he uses it.)

Ultimately the problem is that the browser is too good at giving away
the hostname that it thinks it's going to -- in various headers, in
cross-site isolation, etc etc.

So, if we have indeed decided to allow many versions of format for
onion addresses, I hope we thought through this attack and decided it
was worth it. :)

--Roger

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev