General anonimity/privacy question when using TOR

Glymr Darkmoon glymr_darkmoon at ml1.net
Fri Feb 3 01:53:49 UTC 2006


the problem is that the servers would have to be relatively widely
geographically distributed, and the cost of running them, compared to
the value of the data of the, at present, probably less than 20k users
on tor, is not practical. i think perhaps you are not aware of the base
asking salary of network espionage operators, nor the cost of running
servers. sure, many governments DO waste inordinate amounts of money on
various half-baked ways of catching bad guys, but a simple, current
example, the us government recently spent $15bn on a system to catch bad
guys travelling on planes, and caught a whole 1000 of them, none of them
actually terrorists. 15 mill per catch...

On Thu, 2 Feb 2006 10:44:39 -0600, "patgus" <patgus at stonewwwall.org>
said:
>  So, how secure is the first hop from client to first-tor-server?
>  Assuming the "clever party" sets up multipe servers again, couldn't they
>  intercept a fair portion of the original communication? Unless everyone
>  is running a server as well.
>  Of course this all becomes somewhat less of a weakness when there are
>  10000+ servers. At the moment 50 could intercept a good bit I would
>  think. 
> 
> On Thu, 2 Feb 2006 10:07:20 -0600
> patgus <patgus at stonewwwall.org> wrote:
> 
> >  Another detail that could comprimise ones anonymity is using webmail or regular email through tor. The mail could be observed as it comes in or out of the tor network unless this is done over SSL. Then an email addresses, passwords, and the like could all be compromised as well as the communications read. Sure all of a persons email may not always come out the same exit node, but a clever party wishing to intercapt communications could setup multiple servers, increasing the amount of traffic intercepted, and over a long period of time a fairly significent of data may be gathered, particularly if you use personal details in communications.
> >  If others you are communicatimg with are not secure, neither are you.
> >  
> > On Thu, 02 Feb 2006 07:33:31 -0800
> > "Glymr Darkmoon" <glymr_darkmoon at ml1.net> wrote:
> > 
> > > this thing just makes me think about how much extra anonymity one
> > > acquires by running a server as well as using it as a client. especially
> > > so for persistent connections like irc, where multiple other users
> > > connections muddle up the certainty about who is originating what. it
> > > also occurred to me a little while ago that running a server also means
> > > you can get away with now and then connecting without the proxy and
> > > again it still gets lost in the multiple other similar connections that
> > > the server originates.
> > > 
> > > On Thu, 2 Feb 2006 09:01:03 -0500, force44 at Safe-mail.net said:
> > > > I copy below a part of the FAQ of JAP, my question is "Does it apply also
> > > > to TOR?". In other words, what is better to improve a TOR user's
> > > > anonymity: Stay connected a long time (or never disconnect, if he uses a
> > > > cable, DSL etc connection), or often disconnect (to change his IP, for
> > > > example) ?
> > > > 
> > > > Thank you!
> > > > 
> > > > 
> > > > ***
> > > > 	
> > > > From http://anon.inf.tu-dresden.de/fragen/konzept_en.html#K7
> > > > 
> > > > Why does frequent connecting and disconnecting of the internet connection
> > > > reduce the level of anonymity?
> > > > 
> > > > Someone observing your computer would know when you are connected to the
> > > > internet or to the anonymization service. If this observer also observes
> > > > the first mix in the anonymization service, he would see connections and
> > > > disconnections there as well. He could then draw conclusions as to which
> > > > user is visiting which website.
> > > > 
> > > > Let us assume the following example:
> > > > 
> > > >     * It is known that a user is downloading a large file (for example,
> > > >     50MB).
> > > >     * It is also known that another user is only surfing.
> > > > 
> > > > The observer also sees that one of them frequently connects and
> > > > disconnects from the internet while the other is constantly connected.
> > > > Then it's clear that the one who is constantly connected is downloading
> > > > the file and the other one is the one surfing. Somit ist klar, wer von
> > > > beiden die Datei herunterlädt und wer nur surft.
> > > > 
> > > > The problem remains even with many users. Statistical averages can be
> > > > made of people who were logged in at the same time. Thus it becomes
> > > > relatively easy to determine who did what at what time.
> > > > 
> > > > ***
> > > -- 
> > >   Glymr Darkmoon
> > >   glymr_darkmoon at ml1.net
> > > 
> > > -- 
> > > http://www.fastmail.fm - Access your email from home and the web
> > > 
> > > 
> > > 
> > 
> > 
> > 
> > 
> 
> 
-- 
  Glymr Darkmoon
  glymr_darkmoon at ml1.net

-- 
http://www.fastmail.fm - The way an email service should be



More information about the tor-talk mailing list