[tor-talk] Better Privacy for Tor Node Operators

cmeclax-sazri cmeclax-sazri at ixazon.dynip.com
Mon Apr 25 00:50:59 UTC 2011


On Sunday 24 April 2011 20:24:07 tagnaq wrote:
> On 2011-01-29 Alice decides to create a new example.com account
> (alice at example.com) using her home IP address - the same as her Tor node
> is using [86.59.30.36] . (Alice is not using Tor for browsing the web
> but she uses Torbutton in Transparent mode - I'm just mentioning this to
> make clear that beside the IP address there is not much identifying
> information)
>
> On 2011-03-13 (and several IP's) later Alice (now browsing with
> [38.229.70.37]) wants another example.com account and again visits their
> website. The Tor node is still running. example.com would like to know
> if Alice did already create an account in the past.
>
> example.com performs the following steps to answer its question:
> 1. IP address to Tor node fingerprint lookup
> 2. fetch all IP addresses that the Tor node (gathered in step 1) ever had
> (one of the obtained records is: 2011-01-29 86.59.30.36)
> 3. look for matching IP addresses (comparing list gathered in step 2
> with their own database)
> MATCH: 2011-01-29 86.59.30.36 => created: alice at example.com
>
> Now example.com will kindly ask Alice if she lost her password for
> alice at example.com ;)

The obvious way Alice can fix that is to set up the example.com account with 
Tor. Then example.com will see Alice coming from an exit node and will have 
no idea where Alice really is.


More information about the tor-talk mailing list