Hi Scott,
     On Sat, 18 Jul 2009 22:40:52 -0400 Scott Ehrlich <srehrl...@gmail.com>
wrote:
>I'm steadily learning about torproject and privoxy, learning that tor
>is the conduit that actually aides with anonymizing the user.   I saw
>the comic/graphic on tor's page showing how the initial connection is
>made to a server.

     Welcome to the community of interested tor users, then!
>
>I'd like to know are the full details on how said server connections
>are made.   Does the client reach out to the same server every time?
>If an entity/person wants to perform multiple searches, all
>anonymously, hoping, or so long as nobody is sniffing traffic between
>the entity/person and the server destination, will tor reach out to
>different servers at various increments of time to learn new servers,
>essentially utilizing spread-spectrum techniques, but a potential
>passive sniffer keeping track of the servers being hopped to?
>
>Is there anything to truly prevent the same machine or IP from being
>sniffed while connecting to a tor server to enable traceback to the
>originating entity/person, provided there is no in-house rogue user or
>system - that the rogueness is external??
>
     There is quite a bit of documentation included in the distributions
and also on the tor project's web site that should answer the bulk of
your questions above.  You neglected to mention which operating system
you are using, so I don't know where to tell you to look if you have tor
installed already, although the documentation should have been installed
somewhere onto your system.  If you download the source distribution as
a gzipped tar archive from the web site and unpack it, you will find the
documents you need in the doc/design-paper and doc/spec subdirectories.
Note that the document in the former is a LaTeX source document, so you
will need to have LaTeX installed in order to typeset it before reading
it.  (To read LaTeX source for content is almost as painful as reading
HTML for content, even if you know the language in question.)  The rest
of the documents are text documents in the latter directory.  Alternatively,
you can read all of those documents at the web site, beginning at

        https://www.torproject.org/documentation.html.en

     I think you will find that very little, if anything, in tor has been
left to hope, other than that a) most users will at least try to use tor
safely and sensibly, b) most users will make some effort to keep from
falling very far behind on updating to current versions of tor, c) bugs
will generally affect operational reliability and/or performance, rather
than security or anonymity, d) the same applies as in c) for design flaws, 
and e) the developers and rest of the community will continue to come up
with new ideas fast enough either to stay ahead of or at least to keep
leapfrogging the enemies in the ongoing arms race for anonymity services
and also the arms race against censorship in order to continue to make
anonymity services available to people in places subject to Internet-based
censorship.  This kind of hope is something one holds in mind while
producing a design, of course, but is also the kind of thing that is
difficult at best to obviate in a design, although some attempts have been
included both in tor and in affiliated projects like vidalia, privoxy,
polipo, and torbutton.
     Do have a go at the documentation.  I am confident that any questions
that remain for you after reading and considering the documentation will
be doozies. :-)


                                  Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet:       bennett at cs.niu.edu                              *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
**********************************************************************

Reply via email to