[liberationtech] Browser-based Tor proxies
Steve Weis
steveweis at gmail.com
Thu Jan 3 20:02:50 PST 2013
Yes, the system is vulnerable to client enumeration if there are few
facilitators and proxies. If there are many facilitators and proxies, then
the adversary needs to discover facilitators, constantly poll them, and
compete with legitimate proxies to learn client IPs.
They won't discover every facilitator and cannot poll too aggressively
without detection, but will certainly learn some client IPs. This may or
may not be an acceptable risk. As the authors discussed, the adversary can
already conduct traffic analysis, so it might be no worse than the status
quo.
On Thu, Jan 3, 2013 at 5:57 PM, Daniel Colascione <dancol at dancol.org> wrote:
> I'm extremely worried by the client enumeration problem. Nothing
> could paint a brighter target on dissidents. Normalization is no
> defense here, since it applies to any scheme for circumventing a
> censorship system.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130103/378ac630/attachment.html>
More information about the liberationtech
mailing list