Delivery-Date: Fri, 04 Jul 2014 00:57:15 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.7 required=5.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED,FREEMAIL_FROM,RCVD_IN_DNSWL_MED,RP_MATCHES_RCVD,T_DKIM_INVALID
	autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 624291E0B22
	for <archiver@seul.org>; Fri,  4 Jul 2014 00:57:13 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id B76D42E99C;
	Fri,  4 Jul 2014 04:57:10 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 7AA552B995
 for <tor-talk@lists.torproject.org>; Fri,  4 Jul 2014 04:52:40 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at eugeni.torproject.org
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id IuXIavH7zw2G for <tor-talk@lists.torproject.org>;
 Fri,  4 Jul 2014 04:52:40 +0000 (UTC)
Received: from nm13-vm0.bullet.mail.bf1.yahoo.com
 (nm13-vm0.bullet.mail.bf1.yahoo.com [98.139.213.79])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by eugeni.torproject.org (Postfix) with ESMTPS id 5498C29C66
 for <tor-talk@lists.torproject.org>; Fri,  4 Jul 2014 04:52:40 +0000 (UTC)
Received: from [98.139.214.32] by nm13.bullet.mail.bf1.yahoo.com with NNFMP;
 04 Jul 2014 04:52:37 -0000
Received: from [98.139.212.238] by tm15.bullet.mail.bf1.yahoo.com with NNFMP;
 04 Jul 2014 04:52:37 -0000
Received: from [127.0.0.1] by omp1047.mail.bf1.yahoo.com with NNFMP;
 04 Jul 2014 04:52:37 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 675311.41347.bm@omp1047.mail.bf1.yahoo.com
Received: (qmail 76375 invoked by uid 60001); 4 Jul 2014 04:52:37 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024;
 t=1404449557; bh=A3mdyA3hSFJ0vsUlidcPcYYXnhMsll9WSXqk7w0DEXk=;
 h=References:Message-ID:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type;
 b=pQxHiSdsUw9yQHpme3YsgjEbUSYDCHqBNNfhAW6dH6Pbn8qn7oklptfuDLlNxAFJaXL1Ys1No/Y4Vcx69/YVXHtfGuT6Sd6Kc7W2T+xqa1W9Fw86s6vMq9z5yqihb/9vYSd1rOz2Uast7hYQHLCMIGZf60ddAw31YLoDEzP/Ajk=
X-YMail-OSG: CcGvAS4VM1kug4TCNCc5unI7aYzK7RLkENIkdGe0RHWvqf0
 LufjFXTLFWhLXGM73hM9cC25C4Xx8P0pgmY_14J1As9Clo1nEwb0Qq1oWE83
 JqTZRVSZIpLgjxLftI4XgFtWqP3eNXtkCyg5KWhqCeG6Zf1Q3REa90xCSmwR
 GEfClMBBeVTho1PbilslTMChaQSjarB0SDYY8PKR7p_5Ckjn7cvUSk7wAC9d
 cC3BrgirN443WGPxHlVWnZztxaUuXnIeAkzpAYm08fO6Zzk17vrkpe5.LuqK
 DyMgeaD4mMCZ_bD40TrjEsXmmKEAzNzkoeF.yjcFdrXGmxtjtmqR66jkM6ej
 mMhbI89nkl.za4PkP4ORKVJVmurHBU6wK0eCg8HaRQ.1UMTbySbuxNCf2M_Y
 Wcw.jwpL2vaQuEExrSnfT4NEqiExukSxpHzdjOXLyqPkp4WOVEZDjKmHTeII
 fUztYP70h4ynwtE7kCmn2VROPGk67jqyttKNh80gE64DwqxXxB.2ZwDV4LvW
 Ss5Q8dsCcd2I2swI3LcWjagHANR5LMKiD_9J3_wY1oCPB8iIHVdgD
Received: from [24.60.51.177] by web140805.mail.bf1.yahoo.com via HTTP;
 Thu, 03 Jul 2014 21:52:37 PDT
X-Rocket-MIMEInfo: 002.001,
 SXQgYWxzbyBoYXMgdG8gYmUgYSBob2xsb3cgY2xhaW0uIFRvIGFjdHVhbGx5ICJkZWFub255bWl6ZSIgc29tZW9uZSB3b3VsZCBtZWFuIG1ha2luZyBhIGxpc3Qgb2YgZXZlcnkgd2Vic2l0ZSB0aGF0IHdhcyB2aXNpdGVkIGJ5IHRoYXQgY2xpZW50LiBOb3QganVzdCBpZGVudGlmeSBvbmUgY2xpZW50IHRoYXQgdmlzaXRlZCBvbmUgd2Vic2l0ZS4gQW5kIGhvdyBtYW55IGNsaWVudHMgd2VyZSB5b3UgcGxhbm5pbmcgb24gZG9pbmcgdGhhdCB3aXRoPyBJdCB3b3VsZCB0YWtlIGFuIE5TQSBzaXplIGJ1ZGdldCABMAEBAQE-
X-Mailer: YahooMailWebService/0.8.191.1
References: <CAD2Ti28UgXbB6wEry3VZjaWg4-8j7Ddi6stAfP7y+DrXWQn-0A@mail.gmail.com>
 <53B5CFE6.8000102@cyblings.on.ca>
 <CACbaT3YTV045R8=TuGUb=uxE0F+3Nay25QHzv512eeCFtJXcJw@mail.gmail.com>
 <53B60B13.2020004@rawbw.com>
Message-ID: <1404449557.15138.YahooMailNeo@web140805.mail.bf1.yahoo.com>
Date: Thu, 3 Jul 2014 21:52:37 -0700
From: C B <cb736@yahoo.com>
To: "tor-talk@lists.torproject.org" <tor-talk@lists.torproject.org>
In-Reply-To: <53B60B13.2020004@rawbw.com>
MIME-Version: 1.0
X-Content-Filtered-By: Mailman/MimeDel 2.1.15
Subject: Re: [tor-talk] BlackHat2014: Deanonymize Tor for $3000
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

It also has to be a hollow claim. To actually "deanonymize" someone would m=
ean making a list of every website that was visited by that client. Not jus=
t identify one client that visited one website. And how many clients were y=
ou planning on doing that with? It would take an NSA size budget not a $300=
0 budget to try to do that for everyone. And the NSA apparently can not do =
it for everyone.

about:tor starts out by saying "Tor is NOT all you need to browse anonymous=
ly! You may need to change some of your browsing habits to ensure your iden=
tity stays safe" and has some tips at=A0https://www.torproject.org/download=
/download.html.en#warning=A0which says at the bottom "This list of pitfalls=
 isn't complete, and we need your
help identifying and documenting
all the issues" with a link to=A0https://www.torproject.org/getinvolved/vol=
unteer.html.en#Documentation
=A0
Basically we know that Tor is pretty robust, and yes it is being improved. =
I certainly benefit from using it every day. And all I really care about is=
 no one making a list of my searches and sending me targeted advertising, w=
hich is very offensive. But others have much more serious reasons for using=
 Tor.

--
Christopher Booth


________________________________
 From: Yuri <yuri@rawbw.com>
To: tor-talk@lists.torproject.org =

Sent: Thursday, July 3, 2014 10:01 PM
Subject: Re: [tor-talk] BlackHat2014: Deanonymize Tor for $3000
 =


On 07/03/2014 16:17, Adrian Crenshaw wrote:
> Best guess, many client side and web app attacks Tor can't do much about.
> (My talk at Defcon will cover a bunch of folks that got Deanonymized, but
> in every case it was not Tor that was really broke)

This actually depends on what to mean by "Tor". If just the network =

level part, then yes. But tor project also provides and promotes TBB, =

which attempts to prevent various client side exploits and web app =

attacks, but apparently can't prevent all of them. If tor project went =

one step further, and developed security-by-isolation approach (using =

virtual machines, like Whonix does), this could prevent practically all =

client side exploits. And pretty much the only way user could be =

deanoned is if he himself typed in his personal information, or logged =

into some service shared with other identities.

Yuri


-- =

tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
-- =

tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

