Tracking with etags

Lasse Øverlier tor at zone.no
Tue Feb 14 16:54:32 UTC 2006


Sorry,

Tor does not protect information inside the protocols it carries. Users
must take care themselves when using unscrubbed information, or if they
are mixing anonymized traffic with other traffic since the connections
might share the same exit node.

See: http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#ExitEavesdroppers
and http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#TotallyAnonymous

 - Lasse


Adam Gleave wrote:

> First, sorry if this has been mentioned before. I've searched and
> haven't found any mention, but it seems too obvious to have not
> already been reported.
>
> Basically, client gets etag from server, client sends etag to server
> next time it connects, server can associate client.
>
> Might not sound significant, but if Gmail - for instance - gives
> people ETags, they - and anyone listening in on the connection - can
> associate unanonymized accounts with anonymized accounts.
>
> I tested this on tor + privoxy and it worked.
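
The linkage described in the quoted message, and the effect of scrubbing cache validators before they leave the client, as an added example that is not part of the original thread. `Server`, `Browser`, `strip` and `linked_addresses` are hypothetical names, and the addresses are constructed values from documentation ranges.

```python
# Constructed simulation of ETag replay; nothing here touches the network.
import itertools

REQUEST_VALIDATORS = {"if-none-match", "if-range"}
RESPONSE_VALIDATORS = {"etag"}

def strip(headers, names):
    """Drop the named headers (case-insensitive), as a scrubbing proxy would."""
    return {k: v for k, v in headers.items() if k.lower() not in names}

class Server:
    """Issues a unique ETag to unknown clients and logs who presents each one."""
    def __init__(self):
        self._ids = itertools.count(1)
        self.seen = {}  # ETag value -> set of source addresses that sent it

    def handle(self, source, headers):
        etag = headers.get("If-None-Match")
        known = etag in self.seen
        if not known:
            etag = '"v%d"' % next(self._ids)
            self.seen[etag] = set()
        self.seen[etag].add(source)
        return (304 if known else 200), {"ETag": etag}

class Browser:
    """One cache shared by every connection the browser makes."""
    def __init__(self, scrub):
        self.scrub = scrub
        self.cached_etag = None

    def fetch(self, server, source):
        headers = {"If-None-Match": self.cached_etag} if self.cached_etag else {}
        if self.scrub:
            headers = strip(headers, REQUEST_VALIDATORS)
        status, response = server.handle(source, headers)
        if self.scrub:
            response = strip(response, RESPONSE_VALIDATORS)
        self.cached_etag = response.get("ETag", self.cached_etag)
        return status

def linked_addresses(scrub):
    """Largest set of source addresses the server can tie to a single ETag."""
    server, browser = Server(), Browser(scrub)
    browser.fetch(server, "203.0.113.10")   # constructed: direct connection
    browser.fetch(server, "198.51.100.77")  # constructed: same browser via an exit node
    return max(server.seen.values(), key=len)
```

With `scrub=False` the server sees both addresses present the same ETag; with `scrub=True` each request looks like a first visit and no ETag is ever tied to more than one address.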


