On Sun, 18 Dec 2011 23:33:13 +0000 Matthew R <[email protected]> wrote: > SR: If you have access to certain tools, you can completely ignore > Tor. You can trap your subject’s IP address without wasting your time > busting through Tor. Without revealing too many tricks, for example, > it’s easy enough to send someone an e-mail that broadcasts location > info back to a server. Someone operating a trap website can grab > Evan’s cookies and see his entire browser history and his current IP > address. With only a minimal amount of work, you can determine where > Evan is viewing a website from.
This also requires the user not being very sophisticated. If you load up html emails full of web-bugs, javascript, and your normal browser pointed at Tor, then I believe most of what 'SR' says is correct. I don't believe this is true for Tor Browser users, but I welcome research and proof otherwise. Also, we'll fix any leaks found. If the 'wiretappers ball' has shown anything, there are plenty of well-marketed solutions for surveilling and stalking unsuspecting users. Ask them how well they work against even moderately sophisticated users, like junior agents of foreign agencies, you'll get a different answer and lots of weasel words. I've seen these tools used by abusers against their victims as well. If you can infect the operating system, such as carrier IQ, keyloggers, software to 'know where your kid/spouse/dog are at all times', and the like, you've won. Tor alone cannot protect you if your operating system is compromised. Tails can help in these situations. If your hardware is compromised, tails can still help, with caveats. If you're trying to be anonymous with Tor while someone with an automatic weapon is standing behind you, you've lost in many ways. It's all about understanding and managing risks. -- Andrew http://tpo.is/contact pgp 0x74ED336B _______________________________________________ tor-talk mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
