Friday, September 15, 2006

Detecting Tor

Talking about Tor with RSnake has produced some interesting points:

First of all, the use of Tor can be detected. In detail, Privoxy - a proxy working with Tor to provide web surfing anonymity - tends to block certain website elements that may blow a user's "cover". Such behavior can be monitored by a website to determine whether a visitor is under a cloak of invisibility or not.

Also, as pointed out, Tor network uses the domain extension .onion (like .com). Of course that is inaccessible outside the network so there you have it, another detection way. If such page gets a hit, the user is using Tor. Of course the user's anonymity is not compromised in any way since one can never be sure about the given IP. Yet this method is a potential tool for content providers who aim in restricting access to identifiable users.

Tor still remains one of the best ways of operating in insecure networks.

No comments: