tracking locally originated traffic from an exit node ... ?
John Case
case at SDF.LONESTAR.ORG
Tue Aug 3 20:20:25 UTC 2010
If I run a relay with no exit policy at all:
reject *:*
and I personally, as a logged-in local user of the system, initiate
traffic (like, say, downloading the WikiLeaks torrent or posting on a website
using lynx, or whatever), I suspect that traffic sticks out VERY clearly
to an outside observer ... there's nothing but SSL encrypted traffic going
to the ORport and DIRport, and then all of a sudden there is plain old
HTTP going to non-tor relays. Very clearly this is non-tor traffic and is
"interesting" to an observer.
However, if I run a relay with a relaxed exit policy, and I, as a
logged-in local user of the system, initiate traffic on ports that are open for
exit, isn't that traffic very well obfuscated to an outside observer?
Note that this is not the common "can I use fewer hops" question, which
has the usual answer RE: correlation attacks. That situation involves an
observer trying to prove a positive. This is the opposite - an outside
observer would need to prove a negative: "this traffic I see coming out of
the exit WAS NOT caused in any way by the Tor traffic I see using it as an
exit".
So ... if I've got a 5 or 10 mbps exit node with a healthy list of
connections, can I use lynx locally to browse anonymously?