No subject
Tue Mar 1 03:45:00 UTC 2011
webproxysite-1.net will be able to quickly tell which client initiator
and responding server are on the same circuit and know what you are
doing. This has long been recognized in theory and simulation, and
more recently experimentally shown on the Tor network for some cases.
See
http://www.onion-router.net/Publications.html#locating-hidden-servers
But worse, s/he doesn't need to be malicious or the site be
compromised. An external attacker just watching the network
connection of webproxysite-1.net can do the same attack about as
well. The second case thus reduces to the security of a single hop
proxy.
HTH,
Paul
--
Paul Syverson () ascii ribbon campaign
Contact info at http://www.syverson.org/ /\ against html e-mail
More information about the tor-talk
mailing list