Security Basics mailing list archives

RE: Anonymity via Tor?

From: "Petter Bruland" <pbruland () fcglv com>
Date: Mon, 16 Apr 2007 15:02:04 -0700

Out of all the anonymous proxy providers, how can you tell that you are
(somewhat) anonymous while surfing? (if you don't post your name/email
addy etc anywhere, just general web surfing.)

I could just imagine a person setting up a proxy, getting some suckers
to use it, thinking that they are anonymous. And then rather than not
keeps logs etc, they would log your every move, hoping to catch
something useful for a potential attack.

Anyway, that was just my random two cents. :-)

-Petter


 

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Krymson () gmail com
Sent: Monday, April 16, 2007 7:03 AM
To: security-basics () securityfocus com
Subject: Re: Anonymity via Tor?

Tor is pretty nice, although it can be slow. I think using random web
proxies open on the Internet (while questionably legal) is a better
route (pun unintended). You can go a Google search for "free anonymous
web proxies" and eventually find lists of them. Think of Tor as
basically the same thing as using a web proxy, only instead of just one,
you're going through 3 of them. You can get some pretty slow response
times on websites that way.

Theoretically, there are some attacks that other replies may have posted
links to that can attack your anonymity. The first involves owning the
DNS server you send requests to, thus knowing where you're going (pretty
exotic). The second involves owning multiple Tor servers and getting
lucky in seeing your traffic end-to-end. The last server your connection
goes through to hit your target server is particularly sensitive as that
will be the server that, for instance, sends your clear-text data to the
web site. If you logged into a banking site and I own that Tor server
you exited out of, I can possibly inspect your data.

Now, Tor only provides you anonymity by obfuscating your IP address, but
if you log into sites using your real name or something Googlable, you
can still be tracked down.

As far as what else can be used with Tor, that can depend on what you
are using Tor for. I think most people use it for web browsing. If you
use Firefox, the Tor toggle plugin is really useful.

<- snip ->
Any thoughts on "Tor"? Is this a safe and effective way to achieve
anonymity while online? Is there anything better or what other tools
should this be combined with?

Current thread:

Anonymity via Tor? Razorren (Apr 13)
- Re: Anonymity via Tor? Florian Rommel (Apr 15)
- Re: Anonymity via Tor? Scan_it (Apr 15)
  - Re: Anonymity via Tor? Jeffrey F. Bloss (Apr 16)
- Re: Anonymity via Tor? phillip () cryptolife org (Apr 15)
- Re: Anonymity via Tor? Marcos Marado (Apr 16)
- Re: Anonymity via Tor? GNU/Buanzo - mod_auth_openpgp (Apr 18)
- <Possible follow-ups>
- Re: Anonymity via Tor? Vincenzo Ciaglia (Apr 15)
- Re: Anonymity via Tor? Krymson (Apr 16)
  - Re: Anonymity via Tor? Jeffrey F. Bloss (Apr 16)
  - RE: Anonymity via Tor? Petter Bruland (Apr 16)
- Re: Anonymity via Tor? krymson (Apr 16)
  - RE: Anonymity via Tor? David Gillett (Apr 17)
  - Re: Anonymity via Tor? Ansgar -59cobalt- Wiechers (Apr 17)
- Re: Anonymity via Tor? krymson (Apr 18)
- Re: Anonymity via Tor? kyle . bader (Apr 18)
- Re: Re: Anonymity via Tor? bardotherevolting (Apr 19)
  - Re: Anonymity via Tor? Jeffrey F. Bloss (Apr 19)