On Wed, 22 Jun 2011 22:30:40 +0200 Georg Koppen <g.kop...@jondos.de> wrote:
> Sticking to the blog post (one of) its central idea seems to be to
> isolate the identifiers and state to the top-level domain in the URL bar
> as "activity in Tor Browser on one site should not trivially
> de-anonymize their activity [i.e. the activity of Tor users, G.K.] on
> another site to ad networks and exits". I am wondering whether this idea
> really helps here at least regarding exit mixes. If one user requests
> google.com, mail.google.com and other Google services within the 10
> minutes interval (I am simplifying here a bit) without deploying TLS the
> exit is still able to connect the whole activity and "sees" which
> services that particular user is requesting/using. Even worse, if the
> browser session is quite long there is a chance of recognizing that user
> again if she happens to have the same exit mix more than once. Thus, I
> do not see how that helps avoiding linkability for users that need/want
> strong anonymity while surfing the web. Would be good to get that
> explained in some detail. Or maybe I am missing a point here.

If you maintain two long sessions within the same Tor Browser Bundle
instance, you're screwed -- not because the exit nodes might be watching
you, but because the web sites' logs can be correlated, and the
*sequence* of exit nodes that your Tor client chose is very likely to be
unique.

Robert Ransom
_______________________________________________
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev