[10317] in bugtraq
Re: Serious security holes in web anonimyzing services
daemon@ATHENA.MIT.EDU (Pascal DROUIN)
Thu Apr 22 13:27:46 1999
Date: Thu, 22 Apr 1999 08:36:44 +0100
Reply-To: Jeremey Barrett <jeremey@TERISA.COM>
From: Pascal DROUIN <pdrouin@CCOMPTES.FR>
To: BUGTRAQ@NETSPACE.ORG
On Thu, Apr 15, 1999 at 10:49:04PM +0100, Chris Wilson wrote:
>
> In any case it is simply impossible to be completely anonymous on the
> Internet, because packets must find some way to reach the client. The fact
> that anonymising services do not keep logs of their users, makes tracing
> significantly harder, but what if an anonymiser was hacked? The hacker
> would make light work of identifying individual users. IMHO, nobody should
> ever rely on being completely anonymous on the web.
>
The goal of Onion Routing is to prevent this. An attacker controlling an
onion router would not be able to discern who was doing what. The
anonymizer
is a "hide the client from the server" solution. Onion Routing is a
"hide
the fact that the client and server are communicating" solution,
including
from individual onion routers. Onion Routing is a network, it isn't one
site
with the keys to everything. Read the stuff on
http://www.onion-router.net/
for more info.
Regards,
Jeremey.
--
Jeremey Barrett <jeremey@terisa.com>
GPG fingerprint = 7BB2 E1F1 5559 3718 CE25 565A 8455 D60B 8FE8 B38F
