[tor-talk] Bruce Schneier's Guardian Article about N_S_A and Tor.
Bobby Brewster
bobbybrewster203 at yahoo.com
Mon Jun 30 21:15:14 UTC 2014
They are identified as a person of interest by visiting
target_website.com (where target_website.com might be an
'extremist'
site or a webmail box that has attracted attention) and
then *in real
time* code injection and redirection can be used to attack
the person's
computer. So 'identifying an individual Tor user' means
'identifying as
a person of interest, new or previously encountered but not
yet
traced'.
GD
-----------
But how can the person's computer be identified since all that is seen is the connection between the exit node and the destination target_website.com
The point, surely, is that real time code injection should not be possible since no-one can trace the connection from the exit node back to the user.
I am not saying that the user cannot be traced e.g. if he logs into his own webmail account via Tor; I am saying that the trace should not occur due to the Tor network.
Does this make sense?
More information about the tor-talk
mailing list