[tor-talk] "If you have access to certain tools, you can completely ignore Tor."
Phillip
equusaustralus at gmail.com
Mon Dec 19 01:08:43 UTC 2011
>> From:
>> http://www.wired.com/vanish/2009/09/interview-with-pi-steve-rambam-evan-can-be-found/
>>
>> Wired: How much can one do with IP addresses that have been run through
>> Tor?
>>
>> SR: If you have access to certain tools, you can completely ignore Tor.
>> You can trap your subject's IP address without wasting your time busting
>> through Tor. Without revealing too many tricks, for example, it's easy
>> enough to send someone an e-mail that broadcasts location info back to a
>> server. Someone operating a trap website can grab Evan's cookies and see
>> his entire browser history and his current IP address. With only a minimal
>> amount of work, you can determine where Evan is viewing a website from.
>>
>> Does this make any sense? I assume that what the PI means is that if you
>> send an e-mail to a non-webmail client (like Thunderbird) which does not
>> go via Tor, then the IP can be determined when it loads the 1x1 HTML pixel
>> from the website. However, if the victim uses webmail then surely all
>> responses would go via Tor?
>>
>> Or does he mean something else?
> This is exactly why users should be running through an account where
> non-Tor traffic is blocked. Such attacks can't be performed as the
> application either goes through Tor or does not get out to the Internet at
> all.
>
> The problem right now is that the TBB makes it difficult to set it up this
> way. Tor and the TBB (firefox, plug-ins, etc) need to be separate pieces
> in order to have them run under different user accounts with different
> levels of permissions.
>
> There also needs to be better commercial ties for Tails or any other
> similar distribution so that users can easily resolve compatibility
> issues.
>
It is quite easy to configure Thunderbird to run through Tor using
Vidalia, without leaking DNS requests either... then the "received from"
IP address will be the exit node. (instructions here
<https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/EMail#SendingmailusingSMTPthenormalwayoverSSH>)
It's a bit slower of course, but with SSL security, there's no reason
why it wouldn't be just as secure (at least up to your web mail
server)... once it's on the open Internet, it's free for all ;)
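The beacon described in the quoted interview is just a remote reference that a mail client fetches when it displays the message, and if that fetch is not routed through Tor it carries the reader's real IP. As an added illustration (not code from this thread or from the Tor project), the following Python script parses a raw message and lists every remote resource its HTML parts would make the client contact, marking 1x1 images as tracking pixels; `SAMPLE_MAIL`, `RemoteRefParser`, `remote_references` and the `.invalid` hostnames are all constructed for the example.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (hostnames are placeholders): an HTML mail carrying
# an inline data: image, a remote 1x1 beacon image and a remote stylesheet.
SAMPLE_MAIL = b"""From: sender@example.invalid
To: recipient@example.invalid
Subject: hello
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Hi there</p>
<img src="data:image/gif;base64,R0lGODlhAQABAAAAACw=" width="1" height="1">
<img src="http://tracker.example.invalid/open?id=abc123" width="1" height="1" style="display:none">
<link rel="stylesheet" href="https://cdn.example.invalid/mail.css">
</body></html>
"""

class RemoteRefParser(HTMLParser):
    """Collect tags whose attributes would make a mail client fetch a remote URL."""
    FETCH_ATTRS = {"img": "src", "link": "href", "script": "src", "iframe": "src"}

    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        attr = self.FETCH_ATTRS.get(tag)
        if attr is None:
            return
        a = dict(attrs)
        url = a.get(attr) or ""
        if urlparse(url).scheme not in ("http", "https"):
            return  # data: and cid: references never leave the client
        # A 1x1 image has no purpose except to report the fetch (and the IP).
        pixel = a.get("width") == "1" and a.get("height") == "1"
        self.refs.append({"tag": tag, "url": url, "pixel": pixel})

def remote_references(raw: bytes):
    """Return the remote resources referenced by the HTML parts of a raw message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    refs = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            parser = RemoteRefParser()
            parser.feed(part.get_content())
            refs.extend(parser.refs)
    return refs
```

Calling `remote_references(SAMPLE_MAIL)` reports the beacon image and the stylesheet but not the inline data: image; any entry it returns is a fetch that must either go through Tor or be blocked by the client's remote-content setting.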