[tor-dev] Improving Private Browsing Mode/Tor Browser
rransom.8774 at gmail.com
Thu Jun 23 17:33:19 UTC 2011

On Thu, 23 Jun 2011 10:10:35 -0700
Mike Perry <mikeperry at fscked.org> wrote:
> Thus spake Georg Koppen (g.koppen at jondos.de):
> > > If you maintain two long sessions within the same Tor Browser Bundle
> > > instance, you're screwed -- not because the exit nodes might be
> > > watching you, but because the web sites' logs can be correlated, and
> > > the *sequence* of exit nodes that your Tor client chose is very likely
> > > to be unique.
>
> I'm actually not sure I get what Robert meant by this statement. In
> the absence of linked identifiers, the sequence of exit nodes should
> not be visible to the adversary. It may be unique, but what allows the
> adversary to link it to actually track the user? Reducing the
> linkability that allows the adversary to track this sequence is what
> the blog post is about...

By session, I meant a sequence of browsing actions that one web site
can link. (For example, a session in which the user is authenticated
to a web application.) If the user performs two or more distinct
sessions within the same TBB instance, the browsing actions within
those sessions will use very similar sequences of exit nodes.

> Or are we assuming that the predominant use case is for a user to
> continually navigate only by following links for the duration of their
> session (thus being tracked by referer across circuits and exits), as
> opposed to entering new urls frequently?
> I rarely follow a chain of links for very long. I'd say my mean
> link-following browsing session lifetime is waay, waay below the Tor
> circuit lifetime of 10min. Unless I fall into a wikipedia hole and
> don't stop until I hit philosophy... But that is all the same site,
> which can link me with temporary cache or session cookies.

The issue is that two different sites can use the sequences of exit
nodes to link a session on one site with a concurrent session on