[SGVLUG] PRIVACY???

Emerson, Tom Tom.Emerson at wbconsultant.com
Tue Sep 27 17:12:27 PDT 2005


> -----Original Message-----
> Behalf Of Dustin
> 
> On Mon, 26 Sep 2005, John E. Kreznar wrote:
> 
> > Almost all Web browsing from this site is via anonymizing remailers
> > with hours of latency.
> 
> I've never heard of that kind of system.  Quite spiffy, and I agree it
> must be harder to crack than Tor.[...]

and again Dustin, I believe, wrote:
> > > Tor seems most vulnerable to attacks at both endpoints, where I
> > > suppose latency is irrelevant.
> > 
> > ???
> 
> I was going based on the Tor faq discussion of why using more 
> than three hops doesn't add any security.
> 
> I actually think I wasn't paying enough attention, though.  I 
> think they
> were talking about adding a *constant* number of hops. ...
> a random time delay, which should smear out the peak and
> make it harder to see in the noise. [...]

Have you ever played "sudoko"?  This is a logic-puzzle that is getting printed in various newspapers nowadays that is getting to be quite popular.  Popular enough that I finally compiled a sudoko-generator program for linux and tried it out myself.  Now, I realize you're probably thinking "how is he going to connect this to the discussion on security and muddying one's internet trail?"

Well, one of the techniques that you learn is to figure out where something CANNOT be and eliminating those as possibilities; then, as has been attributed to Mr. Holmes, once you've eliminated all the wrong answers, whatever remains must be the correct answer.

If the "anonymizer" you are using strives to hide your location, it may be "too good" and NEVER reveal your exact location, which would be a bad thing.  For instance, presuming you've become the number one guy on the jack-booted-thugs list of usual suspects, an attempt at "pinpointing" you using this technique would show you as being in a completely different place [perhaps even halfway around the globe] from one "packet" to the next.  The one place it would NEVER indicate as "where you are" is, of course, where you really are.  Now, I realize the world is a really big place, but most of it is water, so you aren't likely going to string out some cat-5 to the middle of the ocean, which reduces the problem domain a bit. :)

but if you apply a little thought and realize that it is impossible (or extremely unlikely) to travel the distances implied by consecutive packets, then all the tracker has to do is watch the map until it is almost full of "possible" locations, then look for the holes...



More information about the SGVLUG mailing list