Date: Sat, 28 Jun 2014 16:36:40 -0700
From: Seth David Schoen <schoen@eff.org>
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] Bruce Schneier's Guardian Article about N_S_A and Tor.

williamwinkle@openmailbox.org writes:

> I don't understand what Schneier means by this:
> 
> "After identifying an individual Tor user on the internet, the NSA
> uses its network of secret internet servers to redirect those users
> to another set of secret internet servers, with the codename
> FoxAcid, to infect the user's computer."
> 
> Surely the whole point of Tor is that the requester of
> http://www.target_website.com cannot be identified based on the
> traffic which leaves the exit node. Since the N_S_A would only know
> the IP address of the exit node and the destination
> http://www.target_website.com, how can the client be identified even
> if the traffic is redirected to the FoxAcid servers?

Tor is preventing the user from being identified by their (true) source
IP address.  In the hypothesis of the article, there's sometimes another
way to identify the user, for example because they've logged into a
(non-TLS) service using a particular username and password, or because
they sent a particular cookie.

The materials that Schneier is reporting on use a very broad notion of a
"selector" -- a way of referring to a particular user or device or
network in order to associate network traffic with them.  One of the
most fundamental selectors on the Internet is someone's source IP
address, which Tor obfuscates.  The Tor Browser also tries not to have
any persistently distinguishable features between one user's traffic
and another's (unlike a normal desktop web browser!), but a user's
particular behavior could still provide ways of identifying them and
distinguishing them from other users.

-- 
Seth Schoen  <schoen@eff.org>
Senior Staff Technologist                       https://www.eff.org/
Electronic Frontier Foundation                  https://www.eff.org/join
815 Eddy Street, San Francisco, CA  94109       +1 415 436 9333 x107
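
The selector idea in the reply above, as an added example that is not part of the original message: a self-audit that parses cleartext HTTP requests and reports which identifiers (cookies, login names) stay the same while the exit IP changes. The sample requests, hosts, credentials and the list of form field names are constructed assumptions.

```python
import base64
from collections import defaultdict
from urllib.parse import parse_qs

BASIC = base64.b64encode(b"alice:x").decode()  # constructed credentials
# Constructed sample: (exit relay IP, cleartext HTTP request) pairs as seen by
# an observer between the exit and the site. IPs are RFC 5737 documentation
# addresses; hosts, cookie and username are made up.
SAMPLE = [
    ("192.0.2.10", "GET /inbox HTTP/1.1\r\nHost: forum.example\r\nCookie: sid=abc123\r\n\r\n"),
    ("198.51.100.7", "GET /post/9 HTTP/1.1\r\nHost: forum.example\r\nCookie: sid=abc123\r\n\r\n"),
    ("203.0.113.5", "POST /login HTTP/1.1\r\nHost: mail.example\r\n"
     "Content-Type: application/x-www-form-urlencoded\r\n\r\nusername=alice&password=x"),
    ("192.0.2.10", "GET / HTTP/1.1\r\nHost: mail.example\r\nAuthorization: Basic " + BASIC + "\r\n\r\n"),
    ("198.51.100.7", "GET /news HTTP/1.1\r\nHost: news.example\r\n\r\n"),
]

def extract_selectors(raw):
    """Return the set of (kind, host, value) identifiers exposed by one request."""
    head, _, body = raw.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    host = headers.get("host", "?")
    found = set()
    for pair in headers.get("cookie", "").split(";"):
        if "=" in pair:
            found.add(("cookie", host, pair.strip()))
    auth = headers.get("authorization", "")
    if auth.lower().startswith("basic "):        # HTTP Basic: base64(user:pass)
        user = base64.b64decode(auth[6:]).decode("utf-8", "replace").split(":", 1)[0]
        found.add(("login", host, user))
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        for field in ("username", "user", "login", "email"):  # assumed field names
            for value in parse_qs(body).get(field, []):
                found.add(("login", host, value))
    return found

def linkable_selectors(requests):
    """Map each selector to the exit IPs it appeared behind, if more than one."""
    seen = defaultdict(set)
    for exit_ip, raw in requests:
        for selector in extract_selectors(raw):
            seen[selector].add(exit_ip)
    return {s: sorted(ips) for s, ips in seen.items() if len(ips) > 1}

if __name__ == "__main__":
    for selector, ips in sorted(linkable_selectors(SAMPLE).items()):
        print(selector, "seen behind", ips)
```

Every selector it reports is readable on the wire only because the request was not sent over TLS.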

