They are identified as a person of interest by visiting target_website.com (where target_website.com might be an 'extremist' site or a webmail box that has attracted attention) and then *in real time* code injection and redirection can be used to attack the person's computer. So 'identifying an individual Tor user' means 'identifying as a person of interest, new or previously encountered but not yet traced'. GD -----------
But how can the person's computer be identified since all that is seen is the connection between the exit node and the destination target_website.com The point, surely, is that real time code injection should not be possible since no-one can trace the connection from the exit node back to the user. I am not saying that the user cannot be traced e.g. if he logs into his own webmail account via Tor; I am saying that the trace should not occur due to the Tor network. Does this make sense? -- tor-talk mailing list - [email protected] To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
