[10287] in bugtraq
Re: Serious security holes in web anonimyzing services
daemon@ATHENA.MIT.EDU (Jeremey Barrett)
Tue Apr 20 14:10:55 1999
Mail-Followup-To: Chris Wilson <cmw32@CAM.AC.UK>, BUGTRAQ@netspace.org
Date: Mon, 19 Apr 1999 14:54:10 -0500
Reply-To: Jeremey Barrett <jeremey@TERISA.COM>
From: Jeremey Barrett <jeremey@TERISA.COM>
X-To: Chris Wilson <cmw32@CAM.AC.UK>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.SOL.3.95q.990415223852.7660B-100000@red.csi.cam.ac.uk>;
from Chris Wilson on Thu, Apr 15, 1999 at 10:49:04PM +0100
On Thu, Apr 15, 1999 at 10:49:04PM +0100, Chris Wilson wrote:
>
> In any case it is simply impossible to be completely anonymous on the
> Internet, because packets must find some way to reach the client. The fact
> that anonymising services do not keep logs of their users, makes tracing
> significantly harder, but what if an anonymiser was hacked? The hacker
> would make light work of identifying individual users. IMHO, nobody should
> ever rely on being completely anonymous on the web.
>
The goal of Onion Routing is to prevent this. An attacker controlling an
onion router would not be able to discern who was doing what. The anonymizer
is a "hide the client from the server" solution. Onion Routing is a "hide
the fact that the client and server are communicating" solution, including
from individual onion routers. Onion Routing is a network, it isn't one site
with the keys to everything. Read the stuff on http://www.onion-router.net/
for more info.
Regards,
Jeremey.
--
Jeremey Barrett <jeremey@terisa.com>
GPG fingerprint = 7BB2 E1F1 5559 3718 CE25 565A 8455 D60B 8FE8 B38F
