North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Tor and network security/administration

  • From: Todd Vierling
  • Date: Wed Jun 21 17:04:26 2006
  • Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta;; h=received:message-id:date:from:sender:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=Yu9awgNw+AECahXu+OFTEQCmk7TyZjI1jMettd30hR5PfafjelhrwcZxrKa9yxL66rvG0Y5i9xBa77MCFhRKeJdrKmIljxGt07YD6bDN9l8A6Nq4o1MmunXnUy/DbL+dMrL5NRY4WBVZjpu+n09ySk9PKjxvxSfHO+mHoopti4w=

On 6/21/06, Lionel Elie Mamane <[email protected]> wrote:
> Here's where your misunderstanding is evident.  The filtering proxy
> is not at the Tor exit node; it's at the *entry*.

If the proxy is not at the Tor exit node, how can the tor network
enforce the addition of the "this connection went through tor" HTTP
header that Kevin Day was asking for?
And Tor users will desire to do this ... why?  I have been referring
to the proxying behavior *currently in use* on Tor and likely to be
developed further in the near future.  It is highly *unlikely* that
Tor will add such a header by default, so there's little point in
thinking that such a so-called "solution" might actually come to

Note that nowhere have I implied that Tor HTTP requests would look
like anything but regular HTTP requests, and in fact, that's exactly
the point of Tor's design.  I am NOT using this thread to comment on
the appropriateness of that behavior (I have mixed personal opinions
on that), but rather, to point out what its *users* want, which is
what is likely to be implemented.  Hence my earlier comment about
addressing social vulnerabilities via solely technological methods.

if you rely on a
program sitting on the user's computer adding that header, then
malevolent users can not add this header,
And non-malevolent users who simply wish to avoid marketeers'
statistical data tracking.  There's more than one use for the
technology, y'know.

so Kevin Day's purpose is not served.
If the point of the technology is to add a degree of anonymity, you
can be pretty sure that a marker expressly designed to state the
message "Hi, I'm anonymous!" will never be a standard feature of said
technology.  That's a pretty obvious non-starter.

-- Todd Vierling <[email protected]> <[email protected]> <[email protected]>