[tor-talk] "If you have access to certain tools, you can completely ignore Tor."
Chris
tmail299 at errtech.com
Mon Dec 19 00:17:56 UTC 2011
> From:
> http://www.wired.com/vanish/2009/09/interview-with-pi-steve-rambam-evan-can-be-found/
>
> Wired: How much can one do with IP addresses that have been run through
> Tor?
>
> SR: If you have access to certain tools, you can completely ignore Tor.
> You
> can trap your subject’s IP address without wasting your time busting
> through Tor. Without revealing too many tricks, for example, it’s easy
> enough to send someone an e-mail that broadcasts location info back to a
> server. Someone operating a trap website can grab Evan’s cookies and see
> his entire browser history and his current IP address. With only a minimal
> amount of work, you can determine where Evan is viewing a website from.
>
> Does this make any sense? I assume that what the PI means is that if you
> send an e-mail to a non-webmail client (like Thunderbird) which does not
> go
> via Tor, then the IP can be determined when it loads the 1x1 HTML pixel
> from the website. However, if the victim uses webmail then surely all
> responses would go via Tor?
>
> Or does he mean something else?
This is exactly why users should be running through an account where
non-Tor traffic is blocked. Such attacks can't be performed as the
application either goes through Tor or does not get out to the Internet at
all.
The problem right now is that the TBB makes it difficult to set it up this
way. Tor and the TBB (firefox, plug-ins, etc) need to be separate pieces
in order to have then run under different user accounts with different
levels of permissions.
There also needs to be better commercial ties for Tails or any other
similar distribution so that users can easily resolve compatibility
issues.
More information about the tor-talk
mailing list