----- Forwarded message from "Sherief Alaa via RT" -----

Date: Sun, 10 Nov 2013 18:09:46 +0000
Subject: [rt.torproject.org #15873] Re: Another way that people can be watched
To: [email protected]

On Sun Nov 10 15:54:33 2013, [email protected] wrote:
>
> When checking browser security, I was thinking.
> When any OS initially connects to the internet, a negotiation between
> the host and ISP occurs.
>
> During that time, certain information will be sent or can be sent to
> the ISP, like OS, machine I.D., hardware ID's, etc.
>
> If somehow an ISP could determine the sites visited (most probable
> sites) when using any browser, including TOR, I believe that the
> connection could be traced back to the host computer, thus identifying
> the user and their location.
>
> Linux creates a unique ID when first installed. And therein lies a
> vulnerability. UUID's are an AWFUL way to make an OS, unless you are
> in intelligence or similar when you must ensure that the person
> connecting is authorized.
>
> TAILS is supposed to be good at protecting oneself, but during the
> negotiation phase, machine info *could* be transferred to the ISP.
> Armed with a unique machine ID and/or other UUID's, a government could
> watch end sites and compare information.
> In a way quantum methods are applicable. The more you know about a
> specific item the less you know what it is doing.
>
> A government could glean the ID's, ignore the transit routes of the
> connections and monitor end points for the same ID's and such.
> They wouldn't need to know the route, just the start and end points. A
> government could simply ignore MITM attacks and simply look for
> matching information at the sites visited.
>
> Recently I read that the NSA, for example, cracked the HTTPS protocol.
> If they can do it, other nefarious governments can too.
>
> Eventually, I suspect that all Linux or specifically all non windows
> OS's will be blocked at the ISP level. And my reasoning is this:
> Microsoft just gave the NSA a long list of back doors that windows
> has.
> This makes it easy for governments to gain unauthorized access into
> people's computers. Linux has vulnerabilities too, but nowhere near
> as many.
> Governments would simply take the path of least resistance and bar
> linux from being used - i.e. make everyone use Windows for speed and
> access.
>
> Perhaps you could make a Linux Version that is preconfigured with TOR,
> I2P, JonDoFox, OPEN VPN, etc and spoof not only mac addresses at each
> startup for both LAN and WiFi, with obscurely randomized machine ID's
> while listing Windows as the host to blend in with the rest of the
> windows users.
>
> That way if anyone wants to exploit a windows vulnerability it won't
> work. Perhaps a detection program that would detect attempts to
> exploit windows vulnerabilities would be appropriate. When such
> detections are made, an automatic change to the system could be made
> to alter the information presented and throw off monitors.
>
> In a world where you are presumed (postulated) to be a criminal by
> governments and others, you have to take countermeasures to protect
> yourself.
>
> Note: running TAILS from Disc or flash drive is far too slow to be a
> suitable OS to do anything. And without JAVA (script) and Flash/HTML5,
> people are severely limited as to what they can do online.
>
> Perhaps allow both of those but obfuscate the stolen information they
> glean while in use might be a good idea.
>
> At least the browsers and OS would be more usable.
>
> Not everyone wants to be seditionists and such. Some of us merely want
> our privacy and still enjoy what is provided online.
>
> Perhaps send information out on one IP address and get information
> back via another IP address on the same machine?
>
> Twice the monitoring would be needed with 4 times the effort required
> to track and monitor people.
>
> Again, many thanks for working on the TOR project.

I recommend sending this email to the tor-talk mailing list; you will get a lot more useful answers than here.

https://lists.torproject.org/pipermail/tor-talk/

--
Regards,
Sherief Alaa
PGP 0x8623B882
