[tor-bugs] #16995 [BridgeDB]: Splitting the pool of bridges by seperating people depending on typing cadence
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Sep 7 12:47:36 UTC 2015
#16995: Splitting the pool of bridges by seperating people depending on typing
cadence
-----------------------------+------------------
Reporter: elypter | Owner: isis
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: BridgeDB | Version:
Resolution: | Keywords:
Actual Points: | Parent ID:
Points: |
-----------------------------+------------------
Comment (by elypter):
i know how this sounds but it would only be useable for tracking if this
fingerprinting takes place in a second place and its also in the hands of
the bridgedb page which if you dont trust could do much worse things.
the only way an external attacker could take advantage of this is if he
has most of the bridges and does a sophisticated reverse engeneering
attack on the neuronal network. and then he can only find out which group
of bridges a user probably uses. btw there is no way to protect from
typing cadance fingerprinting anyway if the client uses javascript on
other websites.
that being said i know that there is a trade off between deanonymisation
and bridge protection. i tried to find something that is difficult to fake
and cannot easily found out by an attacker who is watching the users on
the network or with cooperating websites.
and the way it is now is far worse for anonymity btw. if an attacker is
able to inject packets with fake ip adresses into the internet he would be
able to find out which bridges are being sent to each ip address. so if he
controls the node after the bridge of a connected user there is only a
small set of ip addresses the user could probably have.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16995#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list