So TOR is NOT really anonoymous!?

Paul Syverson syverson at itd.nrl.navy.mil
Fri Aug 19 18:32:08 UTC 2005


Right. In case it is useful, the simple metaphor that I have
used to express this for many years is that

  Onion Routing (Tor) is about anonymizing the communication pipe, not
  the data that goes through it.

Less precise, but perhaps easier to grasp.

Note also that this separation is intentional. There are circumstances
where one would like to sanitize the data, and times when one would
like to be authenticated, e.g., when connecting via ssh to a limited
access system.

aloha,
Paul

On Fri, Aug 19, 2005 at 02:03:59PM -0400, phobos at rootme.org wrote:
> Tor only takes care of the IP address, what you send over that link also
> needs to be cleansed.  Java/Javascript run locally in your browser,
> therefore info about your local machine is available to both java
> applets and javascript.  Tor does not cleansed this, nor should it.
> 
> This link explains this as well:
> http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#TotallyAnonymous
> 
> On Fri, Aug 19, 2005 at 08:54:28AM +0200, uhuru at sinapsi.org wrote 0.5K bytes in 18 lines about:
> : I set up TOR (the onion router) and privoxy hoping to browse anonymously,
> : I am using Mozilla Firefox 1.0.6 and if I visit other site such as:
> : http://www.showmyip.com/
> : TOR works properly.
> : 
> : BUT if I check here:
> : http://www.inet-police.com/cgi-bin/env.cgi
> : they show my REAL IP  address!
> : 
> : So TOR is NOT  really anonoymous!?
> : 
> : later on I discovered by myself that if I disable java in Firefox
> : settings then even
> : http://www.inet-police.com/cgi-bin/env.cgi
> : cannot read my Real IP address.
> : So I have to keep java always turned off?
> : 
> : -
> 
> -- 



More information about the tor-talk mailing list