any moment now ...

StealthMonger StealthMonger at nym.mixmin.net
Mon Nov 29 19:28:27 PST 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Justin Bull <justin.bull at sohipitmhz.com> writes:

> As a beginner in the crypto field, I thought Tor was actually quite
> secure.  Seeing that is not the case, what is regarded as a safe,
> anonymous browsing practise?  And, as far as I know, monitoring an
> exit node only reveals the destination address, not the sender...
> Is that really a security issue?

If by "secure" you mean that the individual doing the browsing cannot
be traced, note that in any low-latency Internet access, packet timing
correlations between the parties can easily confirm any suspected
linkage.  As the Tor documentation itself states,

   ... for low-latency systems like Tor, end-to-end traffic
   correlation attacks [8, 21, 31] allow an attacker who can observe
   both ends of a communication to correlate packet timing and volume,
   quickly linking the initiator to her destination.

http://tor.eff.org/cvs/tor/doc/design-paper/challenges.pdf


More difficult to trace is Internet access by email via the remailer
network.  See my "uinmyn", URL below.




 -- StealthMonger <StealthMonger at nym.mixmin.net>
    Long, random latency is part of the price of Internet anonymity.

   uinmyn: Is this anonymous surfing, or what?
   http://groups.google.com/group/alt.privacy.anon-server/browse_thread/thread/089c8f2f251c207e?fwc=1

   stealthmail: Hide whether you're doing email, or when, or with whom.
   mailto:stealthsuite at nym.mixmin.net?subject=send%20index.html


Key: mailto:stealthsuite at nym.mixmin.net?subject=send%20stealthmonger-key

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.8+ <http://mailcrypt.sourceforge.net/>

iEYEARECAAYFAkz0SW0ACgkQDkU5rhlDCl5brgCgv4m4G4Z0NhXE76YkwhmrfJYL
CKYAniic1yodWVjzAkCL5e4oWoIPzyV1
=Rye4
-----END PGP SIGNATURE-----





More information about the cypherpunks-legacy mailing list