Hi Scott, On Sat, 18 Jul 2009 22:40:52 -0400 Scott Ehrlich <srehrl...@gmail.com> wrote: >I'm steadily learning about torproject and privoxy, learning that tor >is the conduit that actually aides with anonymizing the user. I saw >the comic/graphic on tor's page showing how the initial connection is >made to a server.
Welcome to the community of interested tor users, then! > >I'd like to know are the full details on how said server connections >are made. Does the client reach out to the same server every time? >If an entity/person wants to perform multiple searches, all >anonymously, hoping, or so long as nobody is sniffing traffic between >the entity/person and the server destination, will tor reach out to >different servers at various increments of time to learn new servers, >essentially utilizing spread-spectrum techniques, but a potential >passive sniffer keeping track of the servers being hopped to? > >Is there anything to truly prevent the same machine or IP from being >sniffed while connecting to a tor server to enable traceback to the >originating entity/person, provided there is no in-house rogue user or >system - that the rogueness is external?? > There is quite a bit of documentation included in the distributions and also on the tor project's web site that should answer the bulk of your questions above. You neglected to mention which operating system you are using, so I don't know where to tell you to look if you have tor installed already, although the documentation should have been installed somewhere onto your system. If you download the source distribution as a gzipped tar archive from the web site and unpack it, you will find the documents you need in the doc/design-paper and doc/spec subdirectories. Note that the document in the former is a LaTeX source document, so you will need to have LaTeX installed in order to typeset it before reading it. (To read LaTeX source for content is almost as painful as reading HTML for content, even if you know the language in question.) The rest of the documents are text documents in the latter directory. Alternatively, you can read all of those documents at the web site, beginning at https://www.torproject.org/documentation.html.en I think you will find that very little, if anything, in tor has been left to hope, other than that a) most users will at least try to use tor safely and sensibly, b) most users will make some effort to keep from falling very far behind on updating to current versions of tor, c) bugs will generally affect operational reliability and/or performance, rather than security or anonymity, d) the same applies as in c) for design flaws, and e) the developers and rest of the community will continue to come up with new ideas fast enough either to stay ahead of or at least to keep leapfrogging the enemies in the ongoing arms race for anonymity services and also the arms race against censorship in order to continue to make anonymity services available to people in places subject to Internet-based censorship. This kind of hope is something one holds in mind while producing a design, of course, but is also the kind of thing that is difficult at best to obviate in a design, although some attempts have been included both in tor and in affiliated projects like vidalia, privoxy, polipo, and torbutton. Do have a go at the documentation. I am confident that any questions that remain for you after reading and considering the documentation will be doozies. :-) Scott Bennett, Comm. ASMELG, CFIAG ********************************************************************** * Internet: bennett at cs.niu.edu * *--------------------------------------------------------------------* * "A well regulated and disciplined militia, is at all times a good * * objection to the introduction of that bane of all free governments * * -- a standing army." * * -- Gov. John Hancock, New York Journal, 28 January 1790 * **********************************************************************