[tor-talk] Tor Weekly News — October 23th, 2013

Joe Btfsplk joebtfsplk at gmx.com
Thu Oct 24 21:42:32 UTC 2013

On 10/24/2013 2:57 PM, Michael Wolf wrote:
> It looks like you grossly misunderstand how Tor works.  The only node
> that can see your browser "fingerprint" is the exit node.  The problem
> that Entry Guards are meant to solve is laid out in the very first
> paragraph of the FAQ you linked:
>
>> Tor (like all current practical low-latency anonymity designs) fails
>> when the attacker can see both ends of the communications channel. For
>> example, suppose the attacker controls or watches the Tor relay you
>> choose to enter the network, and also controls or watches the website
>> you visit. In this case, the research community knows no practical
>> low-latency design that can reliably stop the attacker from
>> correlating volume and timing information on the two sides.
>
> In other words, if I can observe the pattern of traffic coming from your
> IP address at a particular time, and simultaneously observe that pattern
> at an exit node or website, then I can assume the traffic at the exit
> belongs to you.  It doesn't matter that there are multiple layers of
> encryption along the way -- the attack doesn't look at the contents of
> the traffic, just the volume and timing of it.  Having Entry Guards
> helps, but does not completely solve this problem.
>
> In regards to being "noticed once" -- if the site you are visiting is
> being watched by your government, then being noticed just once may be
> cause for them to watch you more closely.  If you're posting data to
> wikileaks, having your government notice this could constitute a "very
> bad thing".  That is just one example.

Thanks for the details.  Of course you're correct about being noticed
once, posting or d/l _certain data_ from certain sites (being watched).
Question - for average users in "free" societies, if you're "noticed"
once visiting a site like wikileaks (legal in most countries) by a
formidable adversary (just visit - not post, download, etc.), & they
reasonably confirmed the entry traffic & exit traffic are the same
(volume & timing), the assumption is they put all visitors on a watch list?

I'm asking - for everyone that mistypes, is curious about a news story 
or chooses the wrong URL address (Tor & non Tor users), they'll then 
gather all data for all accounts, of any type, of those people from then 

If they saw the IP address you came from to the entry node & you did 
something they were *really* interested in AND had the authority, I 
guess they could "request" from your ISP, who used that address on that 
date & time.
That is of utmost concern if you're Assange or Snowden; such use is the 
primary concern of Tor Project.
For avg users, is it a huge concern (unless things change a lot - & they 

Probably 99+ % of Tor users don't post on wikileaks or release stolen, 
classified documents.  For those that do, I'd guess they really should 
use something with / in addition to TBB (or instead of;  their own 
strong encryption, carrier pigeon).
I hope if you're in life or freedom threatening use of Tor (with its 
current limitations / weaknesses), that you *don't* access the network 
straight from your main, commercial ISP.

Even for a one time whistle blower of a small co., is it likely someone 
would 1) be watching the exact entry / exits you used, AND 2) have the 
authority to track you down and care enough to do so?
Do most gov'ts care about reporting sexual harassment at Bob's Broom 
Factory or who wishes to remain anonymous when data searching on male 

I don't grossly :) misunderstand how Tor network works, though I'm no 
expert, like most users.  Certainly unsure how fingerprinting figured 
into adversaries controlling / watching entry & exit nodes, etc.
