#26677: 2015-03-01 16:11 GMT+09:00 Lodewijk andré de la porte <l at
odewijk.nl>: >
Of course it's possible. It's way harder than just, you know, regular >
tracking! Cloudflare probably has advanced tracking in order to determine >
the likelihood of being spam. Cloudflare also gets headers and IP >
addresses, in addition to having many access points already betray the user
> a little bit. The NSA only has to make sure to listen to every Cloudflare
> in and output, and they'll get a ton of decent info. > Oh, I'm sorry, I
didn't notice you meant this as tor-specific. That sure makes it a more
difficult question. I think there is little information to go on, given
many users use a single Tor exit node, and if all goes well that
information should be inseparable. NoScript makes it much harder to see
what happens on-page, without noscript there's a lot more profiling info
(mouse movement, typing rates, scrolling, those sorts of habits). One could
investigate if cloudflare can use a tracking-cookie (or similar) to combine
visits from a single user, as that would give a lot more profiling
opportunities. I assume every request passes through cloudflare, not just
the first, so site-usage should give a much better profile than the initial
captcha. Once you've found all the side-channels and their "discerning
datapoint quantity" you could calculate how often the users of a single tor
node are separable. The data is more complex, sadly, for a full observer,
as there's far more information to go on. A partial or near-full network
observer can combine timing attacks and the like with information gathered
here.
--------------------------------------+--------------------
Reporter: cypherpunks | Owner: (none)
Type: defect | Status: new
Priority: Medium | Milestone:
Component: - Select a component | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
--------------------------------------+--------------------
2015-03-01 16:11 GMT+09:00 Lodewijk andré de la porte <l at odewijk.nl>:
> Of course it's possible. It's way harder than just, you know, regular
> tracking! Cloudflare probably has advanced tracking in order to
determine
> the likelihood of being spam. Cloudflare also gets headers and IP
> addresses, in addition to having many access points already betray the
user
> a little bit. The NSA only has to make sure to listen to every
Cloudflare
> in and output, and they'll get a ton of decent info.
>
Oh, I'm sorry, I didn't notice you meant this as tor-specific. That sure
makes it a more difficult question. I think there is little information
to
go on, given many users use a single Tor exit node, and if all goes well
that information should be inseparable. NoScript makes it much harder to
see what happens on-page, without noscript there's a lot more profiling
info (mouse movement, typing rates, scrolling, those sorts of habits). One
could investigate if cloudflare can use a tracking-cookie (or similar) to
combine visits from a single user, as that would give a lot more profiling
opportunities. I assume every request passes through cloudflare, not just
the first, so site-usage should give a much better profile than the
initial
captcha.
Once you've found all the side-channels and their "discerning datapoint
quantity" you could calculate how often the users of a single tor node are
separable. The data is more complex, sadly, for a full observer, as
there's
far more information to go on. A partial or near-full network observer can
combine timing attacks and the like with information gathered here.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26677>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
[email protected]
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
