[tor-talk] SocksPort: Circuit isolation is not Exit isolation
grarpamp
grarpamp at gmail.com
Tue Sep 11 04:21:05 UTC 2012
>> The typical use case is wanting to use multiple accounts on the
>> same site at once, with a guarantee that you're not appearing to
>> be from the same exit and thus are not as easily linked.
> This doesn't make sense to me. If you've got two requests open from
> the same exit to the same site, using different accounts, then all the
> site can tell is that two Tor users (or maybe one) are connecting to
> it. That's also the same conclusion it could reach if the two
> requests were coming from the same exit.
Sentence 2 and 3 appear to be the same?
> Is there a better use case here?
I think that if I was watching the site logs and userA and userB
continually logged in daily at about the same times from the same
exit, I might infer them to be the same user. I might not even be
aware IP's in logs are multiuser tor/proxy nets. Now add in similar
client app versions, handshakes, account names, headers, settings,
etc... and parameter by parameter the linkage gets stronger, even
without infringing upon content. Keep the exits different and it's
weaker.
It's not about the maximum one can *prove* given a dataset, but
about presenting the least one can easily see, guess or think.
> the site might have rules
And so might the user. Circumstances unknown. Neither are ours to
weigh.
More information about the tor-talk
mailing list