[tor-talk] "If you have access to certain tools, you can completely ignore Tor."

Joe Btfsplk joebtfsplk at gmx.com
Mon Dec 19 03:02:37 UTC 2011


On 12/18/2011 5:33 PM, Matthew R wrote:
> From:
> http://www.wired.com/vanish/2009/09/interview-with-pi-steve-rambam-evan-can-be-found/
>
> Wired: How much can one do with IP addresses that have been run through Tor?
>
> SR: If you have access to certain tools, you can completely ignore Tor. You
> can trap your subject’s IP address without wasting your time busting
> through Tor. Without revealing too many tricks, for example, it’s easy
> enough to send someone an e-mail that broadcasts location info back to a
> server. Someone operating a trap website can grab Evan’s cookies and see
> his entire browser history and his current IP address. With only a minimal
> amount of work, you can determine where Evan is viewing a website from.
>
> Does this make any sense?  I assume that what the PI means is that if you
> send an e-mail to a non-webmail client (like Thunderbird) which does not go
> via Tor, then the IP can be determined when it loads the 1x1 HTML pixel
> from the website.  However, if the victim uses webmail then surely all
> responses would go via Tor?
>
> Or does he mean something else?
I didn't read the entire article yet, but have read of some similar 
claims like
> Someone operating a trap website can grab Evan’s cookies and see
> his entire browser history
Even if partly true, this is one reason I don't understand why TBB has 
default settings to allow all cookies, seeing as how its main goal is 
anonymity.  Devs are very concerned about not writing anything to cache, 
but not concerned about cookies.

Tor wasn't developed for constant, everyday use by millions w/ the idea 
that anonymity could be provided for the masses.  It probably never will 
achieve that.  Authorities & hackers will always be looking for holes.  
People much smarter than me say if you're that concerned about true 
anonymity, you'd better encrypt everything.  Cookies & browsing history 
are another matter.

Under current US & other nations' laws, it's possible that gov'ts have 
already forced developers of any software -  incl. Tor - to put in 
backdoors.  And in fact, say it's illegal for the devs of any software 
to outright disclose such.  In general, most gov'ts aren't going to 
allow devising ways that criminals can easily & completely avoid 
detection.  (No, Tor isn't only used by criminals - but gov'ts don't 
care).  And if they determine such software / networks could provide 
99.9% anonymity, w/ no way for them to crack it or no backdoors, they'd 
probably outlaw it.

I don't know that it has happened w/ Tor, but it certainly has in other 
cases.  If you want true anonymity, don't use the internet, unless 
you're very well educated in all things related to internet anonymity 
(hard for one person to do), and taking extreme, well founded measures 
to thwart those seeking to identify you or your location, gather info, 
etc.  Plus, it would be a full time job constantly testing your methods 
& keeping up w/ newest ways others could crack your system.  A handful 
of people might have the ability (& almost none the time) to do this.
> if you send an e-mail to a non-webmail client (like Thunderbird) which does not go
> via Tor, then the IP can be determined when it loads the 1x1 HTML pixel
> from the website
Could you clarify the question?  As Phillip mentioned, Tbird can be 
Torrified, but I've never been impressed or convinced that the methods 
are fool proof by any means.
Web beacons (web bugs) can be stopped in a few ways, that is probably 
more reliable than any overall anonymity on the web.



More information about the tor-talk mailing list