General anonimity/privacy question when using TOR
patgus
patgus at stonewwwall.org
Thu Feb 2 18:29:13 UTC 2006
Oh, I see since every server conects to every other server this is not currently possible without having 10,000 connections. Suppose that is why?
On Thu, 2 Feb 2006 11:18:25 -0600
patgus <patgus at stonewwwall.org> wrote:
> I guess this is already answered in the FAQ though, where it is mentioned that tor does not provide strong anonymity yet.
> Question:
> Why not have all the clients route a tiny bit of traffic by default, which can be increased if you want to serve or you can run a standalone server? Or have the server installed by default to route a tiny bit of traffic. With the tens of thousands of current users there are not tens of thousands of servers.
>
> On Thu, 2 Feb 2006 10:44:39 -0600
> patgus <patgus at stonewwwall.org> wrote:
>
> > So, how secure is the first hop from client to first-tor-server? Assuming the "clever party" sets up multipe servers again, couldn't they intercept a fair portion of the original communication? Unless everyone is running a server as well.
> > Of course this all becomes somewhat less of a weakness when there are 10000+ servers. At the moment 50 could intercept a good bit I would think.
> >
> > On Thu, 2 Feb 2006 10:07:20 -0600
> > patgus <patgus at stonewwwall.org> wrote:
> >
> > > Another detail that could comprimise ones anonymity is using webmail or regular email through tor. The mail could be observed as it comes in or out of the tor network unless this is done over SSL. Then an email addresses, passwords, and the like could all be compromised as well as the communications read. Sure all of a persons email may not always come out the same exit node, but a clever party wishing to intercapt communications could setup multiple servers, increasing the amount of traffic intercepted, and over a long period of time a fairly significent of data may be gathered, particularly if you use personal details in communications.
> > > If others you are communicatimg with are not secure, neither are you.
> > >
> > > On Thu, 02 Feb 2006 07:33:31 -0800
> > > "Glymr Darkmoon" <glymr_darkmoon at ml1.net> wrote:
> > >
> > > > this thing just makes me think about how much extra anonymity one
> > > > acquires by running a server as well as using it as a client. especially
> > > > so for persistent connections like irc, where multiple other users
> > > > connections muddle up the certainty about who is originating what. it
> > > > also occurred to me a little while ago that running a server also means
> > > > you can get away with now and then connecting without the proxy and
> > > > again it still gets lost in the multiple other similar connections that
> > > > the server originates.
> > > >
> > > > On Thu, 2 Feb 2006 09:01:03 -0500, force44 at Safe-mail.net said:
> > > > > I copy below a part of the FAQ of JAP, my question is "Does it apply also
> > > > > to TOR?". In other words, what is better to improve a TOR user's
> > > > > anonymity: Stay connected a long time (or never disconnect, if he uses a
> > > > > cable, DSL etc connection), or often disconnect (to change his IP, for
> > > > > example) ?
> > > > >
> > > > > Thank you!
> > > > >
> > > > >
> > > > > ***
> > > > >
> > > > > From http://anon.inf.tu-dresden.de/fragen/konzept_en.html#K7
> > > > >
> > > > > Why does frequent connecting and disconnecting of the internet connection
> > > > > reduce the level of anonymity?
> > > > >
> > > > > Someone observing your computer would know when you are connected to the
> > > > > internet or to the anonymization service. If this observer also observes
> > > > > the first mix in the anonymization service, he would see connections and
> > > > > disconnections there as well. He could then draw conclusions as to which
> > > > > user is visiting which website.
> > > > >
> > > > > Let us assume the following example:
> > > > >
> > > > > * It is known that a user is downloading a large file (for example,
> > > > > 50MB).
> > > > > * It is also known that another user is only surfing.
> > > > >
> > > > > The observer also sees that one of them frequently connects and
> > > > > disconnects from the internet while the other is constantly connected.
> > > > > Then it's clear that the one who is constantly connected is downloading
> > > > > the file and the other one is the one surfing. Somit ist klar, wer von
> > > > > beiden die Datei herunterlädt und wer nur surft.
> > > > >
> > > > > The problem remains even with many users. Statistical averages can be
> > > > > made of people who were logged in at the same time. Thus it becomes
> > > > > relatively easy to determine who did what at what time.
> > > > >
> > > > > ***
> > > > --
> > > > Glymr Darkmoon
> > > > glymr_darkmoon at ml1.net
> > > >
> > > > --
> > > > http://www.fastmail.fm - Access your email from home and the web
> > > >
> > > >
> > > >
> > >
> > >
> > >
> > >
> >
> >
> >
> >
>
>
>
>
More information about the tor-talk
mailing list