Tor operator raided in Finland

dr._no at dr._no at
Sun Jan 27 11:55:43 UTC 2008


> > if you use a transparent proxy plus a provider proxy as parent proxy for
> > your TOR server, you can simply avoid that ;-) To be absolutely sure, you
> > can restrict the TOR output to port 80 and and use transparent http
> > proxying to port 80, plus a provider proxy as parent proxy.
> I disagree here. Provider proxies usually keep their request logs and they are 
> fully able to find out from which customer IP the request originated. So, 
> sure, the police asks the provider for the customer of their proxy IP. The 
> provider will not be dumb and notice, that is one of his own IPs and will 
> quite probably tell the police about the proxy and that they can find out the 
> customer (and eventually do so).
> You add a layer of obscurity, but you are not absolutely sure.

yes, not absolutely sure, but up to now only the TCP/IP IP number has been used
against TOR server operators in germany, and as far as i know also in other countries.

And i'm using two dozens of IP numbers in the headers of my transparent proxy, so
it's neither easy nor sure to find the IP number of my internet connection.
Another point is that logging has several flaws: The provider proxies do have 
thousands of connections per second, but the clocks of the computers have an
accuracy of about one minute. So without connection tracking, e. g. with cookies,
digging in the log data yields unsure results, especially with dynamic IPs.


More information about the tor-talk mailing list