[tor-talk] Identify requests made by the same user
NoWhereMan
nowhereman at autistici.org
Fri Jun 21 09:05:41 UTC 2013
On 21.06.2013 09:37, grarpamp wrote:
>
> At the level of the resultant TCP tunnel (at the application layer, through
> an exit or to an onion) all real IPs are effectively anonymized. Tor uses
> a mix of PKI, DH, EC, etc. in extending its paths and so on. Your
> question involves that, i.e.: does your client negotiate using some
> identifiables from that with each endpoint... Take a look at tor-spec.txt
> and path-spec.txt.
Hmmm, ok. What I actually can't understand is: when contacting a hidden
service, the message for it gets encrypted using its public key. And
some other security layers, ok, but the message uses the HS public key.
The response should work the same way, no? I mean: the hidden service
encrypts the response using the client's key, so it knows that. The HS
actually knows the client's key: it can't correlate the key with a
location, an IP address or a name, but this can be exploited so that 2
different hidden services' administrators could actually know that
request X on hidden service A and request Y on hidden service B have been
made from the same client (as the responses have been encrypted with the
same public key).
Can't understand where I'm wrong. As I hope to be wrong.
Thank you
--
NoWhereMan
nowhereman at autistici.org