[tor-talk] Webpage autorefresh weakens onion routing

[Mark Yaler]

Hi,

This seems like the most appropriate Tor list for this issue, but move the discussion if not...

This isn't a Tor bug, but rather a security problem that occurs to Tor users due to an inadvertent anti-anonymity property of popular webpages.

Let's say you open webpage X, which automatically refreshes every minute. But the user doesn't immediately realize this problem.

The user also wishes to read webpage Y. However, this user realizes that opening both X and Y would allow his identity to be compromised, or at least significantly narrowed in probability. So the user realizes that he needs to refresh his Tor identity between accessing pages X and Y. So he does this.

Then he accesses webpage Y. Unfortunately, due to the autorefresh HTML code on webpage X, which suddenly occurs, there is now evidence (in the clear) of the same IP address accessing both X and Y within a short time window, thereby weakening his anonymity.

Pragmatically, we could just say that the user was careless, because the browser was just doing as it was told, namely, refreshing webpage X at the indicated time. In the interest of anonymity protection, however, I would argue that autorefresh should be disabled by default. I can hardly imagine security-conscious individuals being upset if this were implemented, especially considering the additional latency that it creates on top of already high latency, when it occurs. For all I know, there's some setting somewhere that would shut this off. My point is, why not do that by default?