[tor-talk] Fwd: [rt.torproject.org #15873] Re: Another way that people can be watched
zolar1 at hush.com
Sun Nov 10 19:18:31 UTC 2013
----- Forwarded message from "Sherief Alaa via RT" -----
Date: Sun, 10 Nov 2013 18:09:46 +0000
Subject: [rt.torproject.org #15873] Re: Another way that people can be
To: zolar1 at hush.com
On Sun Nov 10 15:54:33 2013, zolar1 at hush.com wrote:
> When checking browser security, I was thinking.
> When any OS initially connects to the internet, a negotiation
> the host and ISP occurs.
> During that time, certain information will be sent or can be sent to
> the ISP, like OS, machine I.D., hardware ID's, ect.
> If somehow an ISP cold determine the sites visited (most probable
> sites) when using any browser, including TOR, I believe that the
> connection could be traced back to the host computer, thus
> the user and their location.
> Linux creates a unique ID when first installed. And therein lies a
> vulnerability. UUID's are an AWFUL way to make an OS, unless you are
> in intelligence or similar when you must ensure that the person
> connecting is authorized.
> TAILS is supposed to be good and protecting oneself, but during the
> negotiation phase, machine info *could* be transferred to the ISP.
> Armed with a unique machine ID and/or other UUID's, a government
> watch end sites and compare information.
> In a way quantum methods are applicable. The more you know about a
> specific item the less you know what it is doing.
> A government could glean the ID's, ignore the transit routes of the
> connections and monitor end points for the same ID's and such.
> They wouldn't need to know the route, just the start and end points.
> government could simply ignore MITM attacks and simply look for
> matching information at the sites visited.
> Recently I read that the NSA, for example, cracked the HTTPS
> If they can do it, other nefarious governments can too.
> Eventually, I suspect that all Linux or specifically all non windows
> OS's will be blocked at the ISP level. And my reasoning is this:
> Microsoft just gave the NSA a long list of back doors that windows
> This makes it easy for governments to gain unauthorized access into
> people's computers. Linux has vulnerabilities too, but no where near
> as many.
> Governments would simply take the path of least resistance and bar
> linux from being used - i.e. make everyone use Windows for speed and
> Perhaps you could make a Linux Version that is preconfigured with
> I2P, JonDoFox, OPEN VPN, etc and spoof not only mac addresses at
> startup for both LAN and WiFi, with obscurely randomized machine
> while listing Windows as the host to blend in with the rest of the
> windows users.
> That way if anyone wants to exploit a windows vulnerability it won't
> work. Perhaps a detection program that would detect attempts to
> exploit windows vulnerabilities would be appropriate. When such
> detections are made, an automatic change to the system could be made
> to alter the information presented and throw off monitors.
> In a world where you are presumed (postulated) to be a criminal by
> governments and others, you have to take countermeasures to protect
> Note: running TAILS from Disc or flash drive is far too slow to be a
> suitable OS to do anything. And without JAVA (script) and
> people are severely limited as to what they can do online.
> Perhaps allow both of those but obfuscate the stolen information
> glean while in use might be a good idea.
> At least the browsers and OS would be more usable.
> Not everyone wants to be seditionists and such. Some of us merely
> our privacy and still enjoy what is provided online.
> Perhaps send information out on one IP address and get information
> back via another IP address on the same machine?
> Twice the monitoring would be needed with 4 times the effort
> to track and monitor people.
> Again, many thanks for working on the TOR project.
I recommend sending this email to the tor-talk mailing list, you will
get a lot
more useful answers than here.
More information about the tor-talk