Tor operator raided in Finland

dr._no at dr._no at
Sun Jan 27 17:31:03 UTC 2008


> ... As "dr no" pointed out, 
> many sites log only the IP address, not any Forwarded-For or similar 
> headers. So while those proxies cannot be *trusted* to provide any level 
> of obscurity or anonymity, they *might* with luck proove to be a dead 
> end (or at least a serious obstacle) for investigations. Especially if 
> they are in another country.
> Again, just to make sure noone misunderstands it: none of this provides 
> any security (for the tor node operator) for certain. But it decreases 
> your chances to get harrassed by law enforcement. Maybe just slightly, 
> but it does.

Yes and because in germany there is no logging at the proxy servers (maybe in  2009
this will change) it increases my chance significant.

And another point is that the HTTP headers can be simply faked (filled with the content you
want) and send from via an open proxy (which does not modify the headers), and that the 
headers are not unique: When i download with wget and specify a proxy, the transparent 
proxying produces TWO X-Forwarded-For-Headers, not a concatenation!
So logging and evaluating the HTTP headers makes things more complicated but not more safe
for identification. I think that switching from "identification" via TCP/IP IP number to header number(s) 
would cause mass abuse via open proxies and would be used for indirect DDNS attacks with the
TCP/IP IP number of the victim in the header(s), e. g. for blacklisting. 


More information about the tor-talk mailing list