Detecting TOR users

Posted by Nico Golde in hacks & code
Thursday, December 21. 2006

Today I saw that there is a very simple but cool method to detect users of http://tor.eff.org/.
Of course Tor doesnt claim to be undetectable but encrypted an anonymous access to the web.

I hope noone uses this as a chance to deny access to web sites for anonymous users.
The test is pretty easy and is done via CSS and JS.

Test yourself: http://ha.ckers.org/weird/privoxy-test.html

[via ha.ckers.org]
Comments (2) - Trackbacks (0)

Trackbacks
Trackback specific URI for this entry

No Trackbacks

Comments
Display comments as (Linear | Threaded)

Privoxy does not necessarily (not even closely) imply Tor use.
Besides, on a GNU/Linux system, Firefox 1.5, privoxy+Tor and the check returns "You no not seem to be using privoxy". So it's broken in the first place.
Also, Tor provides a way to detect all exit nodes so there is really no need for something like that anyway:
http://tor.eff.org/faq-abuse.html.en#Bans
#1 blindcoder (Homepage) on 2006-12-22 09:41 (Reply)
Technically, this is a way for an embedded javascript to detect tor, but not the actual site.
Still, I suppose it is possible to provide feedback to the site. Although, of course, that is fairly simple to block.
#2 espresso (Homepage) on 2007-04-16 11:09 (Reply)

Add Comment

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.
You can use [geshi lang=lang_name [,ln={y|n}]][/geshi] tags to embed source code snippets.
E-Mail addresses will not be displayed and will only be used for E-Mail notifications.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA 1CAPTCHA 2CAPTCHA 3CAPTCHA 4CAPTCHA 5


You can use [geshi lang=lang_name [,ln={y|n}]][/geshi] tags to embed source code snippets.
 
 

Calendar

Back November '15
Mon Tue Wed Thu Fri Sat Sun
            1
2 3 4 5 6 7 8
9 10 11 12 13 14 15
16 17 18 19 20 21 22
23 24 25 26 27 28 29
30            

Quicksearch

Support



=>my website

Recent Entries

E-Plus GSM privacy/TMSI allocation leak
Thursday, October 11 2012
Exploiting the Ubiquisys/SFR femtocell webserver (wsal/shttpd/mongoose/yassl embedded webserver)
Wednesday, August 3 2011
So what happened recently...
Wednesday, April 6 2011
Sunday, February 6 2011
exim remote vulnerability
Thursday, December 9 2010
Will my Phone Show An Unencrypted Connection?
Wednesday, September 8 2010
smpCTF 2010 quals writeups
Sunday, August 8 2010
protocol design fail: MMS notification
Wednesday, July 28 2010
acrobat reader stealing my passwords
Tuesday, June 29 2010
UnrealIRCd backdoored
Saturday, June 12 2010

Archives

Syndicate This Blog

Categories



All categories

Tag cloud