[90947] in North American Network Operators' Group
Re: Tor and network security/administration
daemon@ATHENA.MIT.EDU (Todd Vierling)
Wed Jun 21 17:03:29 2006
Date: Wed, 21 Jun 2006 17:02:47 -0400
From: "Todd Vierling" <tv@pobox.com>
To: "Todd Vierling" <tv@pobox.com>, nanog@merit.edu
In-Reply-To: <20060621174311.GA30836@capsaicin.mamane.lu>
Errors-To: owner-nanog@merit.edu
On 6/21/06, Lionel Elie Mamane <lionel@mamane.lu> wrote:
>
> > Here's where your misunderstanding is evident. The filtering proxy
> > is not at the Tor exit node; it's at the *entry*.
>
> If the proxy is not at the Tor exit node, how can the tor network
> enforce the addition of the "this connection went through tor" HTTP
> header that Kevin Day was asking for?

And Tor users will desire to do this ... why? I have been referring
to the proxying behavior *currently in use* on Tor and likely to be
developed further in the near future. It is highly *unlikely* that
Tor will add such a header by default, so there's little point in
thinking that such a so-called "solution" might actually come to
light.

Note that nowhere have I implied that Tor HTTP requests would look
like anything but regular HTTP requests, and in fact, that's exactly
the point of Tor's design. I am NOT using this thread to comment on
the appropriateness of that behavior (I have mixed personal opinions
on that), but rather, to point out what its *users* want, which is
what is likely to be implemented. Hence my earlier comment about
addressing social vulnerabilities via solely technological methods.

> if you rely on a
> program sitting on the user's computer adding that header, then
> malevolent users can not add this header,

And non-malevolent users who simply wish to avoid marketeers'
statistical data tracking. There's more than one use for the
technology, y'know.
> so Kevin Day's purpose is not served.

If the point of the technology is to add a degree of anonymity, you
can be pretty sure that a marker expressly designed to state the
message "Hi, I'm anonymous!" will never be a standard feature of said
technology. That's a pretty obvious non-starter.

--
-- Todd Vierling <tv@duh.org> <tv@pobox.com> <todd@vierling.name>