[tor-talk] Awareness for identity correlation through circuit sharing is almost zero.

proper at secure-mail.biz proper at secure-mail.biz
Tue Mar 6 00:20:23 UTC 2012


Thanks for your answer. It's immensely helpful.

<snip>
> Everyone who suggests using BitTorrent over Tor is pointed
> to
> https://blog.torproject.org/blog/bittorrent-over-tor-isnt-good-idea ,
>
> which mentions that issue.  It should be more visible.  Perhaps you
> could
> send a patch to add it to the list of warnings on the download
> page (see
> https://svn.torproject.org/svn/website/trunk/download/en/
> for the source
> files).

I'll look into it.

<snip>
> The torsocks command
> supports a user-specified configuration file
> (read the man page).  The usewithtor
> command does not.
>
> I agree that someone should make configuring torsocks
> easier.

I'll look into it and might request a feature.

> (Note
> that usernames and/or passwords can be used to separate streams,
> too.)

Is this documented somewhere?

>
> > [0] If you redirect your (for anonymous use) browser, your mail

> client, your
> > irc client, etc. to a single SocksPort (standard 127.0.0.1:9050)
> everything
> > may be routed through the same circuit and exit node. Your
> real IP remains
> > hidden but (most of) your activity can be correlated
> to the same pseudonym.
>
> This is the main reason that I'm not a fan of TorBOX.

Please tell me if there are also other reasons. I'll try to fix.

>  It provides
> pseudonymity, not anonymity, but most people will think that
> it
> provides anonymity.

What you say is true and I am working on a fix.

I don't want to trivialize TorBOX's weakness, but I made this thread because this fact is unclear for most Tor users (not only TorBOX users).

______________________________________________________
powered by Secure-Mail.biz - anonymous and secure e-mail accounts.



More information about the tor-talk mailing list