[tor-talk] Tor Weekly News — October 23th, 2013

Michael Wolf mikewolf53 at gmail.com
Thu Oct 24 22:37:07 UTC 2013

On 10/24/2013 5:42 PM, Joe Btfsplk wrote:
> On 10/24/2013 2:57 PM, Michael Wolf wrote:

>> In regards to being "noticed once" -- if the site you are visiting is
>> being watched by your government, then being noticed just once may be
>> cause for them to watch you more closely.  If you're posting data to
>> wikileaks, having your government notice this could constitute a "very
>> bad thing".  That is just one example.
> Thanks for the details.  Of course you're correct about being noticed
> once, posting or d/l _certain data_ from certain sites (being watched). 
> Question - for average users in "free" societies, if you're "noticed"
> once visiting a  site like wikileaks (legal in most countries) by a
> formidable adversary (just visit - not post, download, etc.), & they
> reasonably confirmed the entry traffic & exit traffic are the same 
> (volume & timing), the assumption is they put all visitors on a watch list?

Whether that is the assumption or not is a matter of your personal level
of paranoia :)

> If they saw the IP address you came from to the entry node & you did
> something they were *really* interested in AND had the authority, I
> guess they could "request" from your ISP, who used that address on that
> date & time.
> That is of utmost concern if you're Assange or Snowden; such use is the
> primary concern of Tor Project.
> For avg users, is it a huge concern (unless things change a lot - & they
> could)?

If by "avg users", you mean "average people", I would suppose it isn't a
huge concern... but I don't know enough about Tor's "average user" to be
able to comment further.  It seems like it would be a failure of the Tor
project if anyone could confidently assert what is an "average Tor
user", as it would imply that someone can tell that 1000 unique Tor
users visit wikipedia in a day, vs 5 who visit very frequently.

That being said -- I believe (and I could be wrong) that Tor's target
audience is really those living in repressive regimes and subject to
censorship, and of course the whistle blowers too.  "Once is enough"
definitely applies to those people.  The rest of "us" just get first
rate privacy, and our traffic helps obfuscate the traffic of the people
who *need* anonymity.

> Even for a one time whistle blower of a small co., is it likely someone
> would 1) be watching the exact entry / exits you used, AND 2) have the
> authority to track you down and care enough to do so?
> Do most gov'ts care about reporting sexual harassment at Bob's Broom
> Factory or who wishes to remain anonymous when data searching on male
> impotence?

Probably not :) ...  But don't underestimate the power of larger
businesses (financial, recording/movie industry, oil), and their ability
to get what they want from governments.

> I don't grossly :) misunderstand how Tor network works, though I'm no
> expert, like most users.  Certainly unsure how fingerprinting figured
> into adversaries controlling / watching entry & exit nodes, etc.

Fair enough.  I just said that because of the solution you provided --
changing fingerprints midstream.  It suggested that you thought each
relay could view your traffic directly, and that you didn't understand
that your traffic is wrapped in layers of encryption that are "peeled"
one-by-one as you reach each successive relay.  Since these layers of
encryption are a fundamental piece of how Tor works (and why it's called
"The Onion Router"), failing to understand that would be a "gross
misunderstanding" in my book :)  No offense intended, I assure you.

More information about the tor-talk mailing list