Bugtraq mailing list archives

Re: Serious security holes in web anonimyzing services

From: pdrouin () CCOMPTES FR (Pascal DROUIN)
Date: Thu, 22 Apr 1999 08:36:44 +0100


On Thu, Apr 15, 1999 at 10:49:04PM +0100, Chris Wilson wrote:


In any case it is simply impossible to be completely anonymous on the
Internet, because packets must find some way to reach the client. The fact
that anonymising services do not keep logs of their users, makes tracing
significantly harder, but what if an anonymiser was hacked? The hacker
would make light work of identifying individual users. IMHO, nobody should
ever rely on being completely anonymous on the web.


The goal of Onion Routing is to prevent this. An attacker controlling an
onion router would not be able to discern who was doing what. The
anonymizer
is a "hide the client from the server" solution. Onion Routing is a
"hide
the fact that the client and server are communicating" solution,
including
from individual onion routers. Onion Routing is a network, it isn't one
site
with the keys to everything. Read the stuff on
http://www.onion-router.net/
for more info.

Regards,
Jeremey.
--
Jeremey Barrett <jeremey () terisa com>
GPG fingerprint = 7BB2 E1F1 5559 3718 CE25 565A 8455 D60B 8FE8 B38F

Current thread:

Re: Serious security holes in web anonimyzing services Ben Laurie (Apr 15)
- <Possible follow-ups>
- Re: Serious security holes in web anonimyzing services Pascal DROUIN (Apr 22)