Tor and network security/administration

Wed Jun 21 21:02:47 UTC 2006

On 6/21/06, Lionel Elie Mamane <lionel at mamane.lu> wrote:
>
> > Here's where your misunderstanding is evident.  The filtering proxy
> > is not at the Tor exit node; it's at the *entry*.
>
> If the proxy is not at the Tor exit node, how can the tor network
> enforce the addition of the "this connection went through tor" HTTP
> header that Kevin Day was asking for?

And Tor users will desire to do this ... why?  I have been referring
to the proxying behavior *currently in use* on Tor and likely to be
developed further in the near future.  It is highly *unlikely* that
Tor will add such a header by default, so there's little point in
thinking that such a so-called "solution" might actually come to
light.

Note that nowhere have I implied that Tor HTTP requests would look
like anything but regular HTTP requests, and in fact, that's exactly
the point of Tor's design.  I am NOT using this thread to comment on
the appropriateness of that behavior (I have mixed personal opinions
on that), but rather, to point out what its *users* want, which is
what is likely to be implemented.  Hence my earlier comment about
addressing social vulnerabilities via solely technological methods.

> if you rely on a
> program sitting on the user's computer adding that header, then
> malevolent users can not add this header,

And non-malevolent users who simply wish to avoid marketeers'
statistical data tracking.  There's more than one use for the
technology, y'know.

> so Kevin Day's purpose is not served.

If the point of the technology is to add a degree of anonymity, you
can be pretty sure that a marker expressly designed to state the
message "Hi, I'm anonymous!" will never be a standard feature of said
technology.  That's a pretty obvious non-starter.

-- 
-- Todd Vierling <tv at duh.org> <tv at pobox.com> <todd at vierling.name>