[tor-talk] Bruce Schneier's Guardian Article about N_S_A and Tor.

Bobby Brewster bobbybrewster203 at yahoo.com
Mon Jun 30 21:15:14 UTC 2014


  They are identified as a person of interest by visiting
  target_website.com (where target_website.com might be an
 'extremist'
  site or a webmail box that has attracted attention) and
 then *in real
  time* code injection and redirection can be used to attack
 the person's
  computer. So 'identifying an individual Tor user' means
 'identifying as
  a person of interest, new or previously encountered but not
 yet
  traced'.
 GD
 
-----------

But how can the person's computer be identified since all that is seen is the connection between the exit node and the destination target_website.com

The point, surely, is that real time code injection should not be possible since no-one can trace the connection from the exit node back to the user.

I am not saying that the user cannot be traced e.g. if he logs into his own webmail account via Tor; I am saying that the trace should not occur due to the Tor network. 

Does this make sense?


More information about the tor-talk mailing list