[tor-talk] !!! Important please read. !!!

Andreas Krey a.krey at gmx.de
Wed Jan 8 12:22:27 UTC 2014


On Wed, 08 Jan 2014 11:25:02 +0000, Mark McCarron wrote:
...
> In regards to identifying Tor users, this is more simple than anyone imagines.

No, it isn't.

> A simple DB at an ISP recording IP addresses of those connecting to Tor nodes is all it takes.

Not all tor nodes are publicly known.

> In fact, the EU mandates that this data be held for 2 years:
> http://en.wikipedia.org/wiki/Telecommunications_data_retention#European_Union

No, it doesn't. The requirement is for access ISPs to log the association
between user and ip addresses over time, and for email/voip providers
to log all mail transfer/voip connections. Access providers are not
required to log each individual TCP connection, and that would be needed
for finding out even regular guard users.

> That data can be correlated with access to hidden services and other websites,

This, to the extent that it is actually true (namely that you can
correlate the times a person is online with the times a given persona
seems to interact with a webservice), is valid for any possible
anonymization network that provides interactive access to the web.

> so we know for a fact that Tor is extensively compromised at present and provides no anonymity as it fails to deal with traffic analysis.

In a fully infiltrated network anonymous communication is impossible.
So what are you aiming at?

Andreas

-- 
"Totally trivial. Famous last words."
From: Linus Torvalds <torvalds@*.org>
Date: Fri, 22 Jan 2010 07:29:21 -0800


More information about the tor-talk mailing list