From: http://www.wired.com/vanish/2009/09/interview-with-pi-steve-rambam-evan-can-be-found/
Wired: How much can one do with IP addresses that have been run through Tor? SR: If you have access to certain tools, you can completely ignore Tor. You can trap your subject’s IP address without wasting your time busting through Tor. Without revealing too many tricks, for example, it’s easy enough to send someone an e-mail that broadcasts location info back to a server. Someone operating a trap website can grab Evan’s cookies and see his entire browser history and his current IP address. With only a minimal amount of work, you can determine where Evan is viewing a website from. Does this make any sense? I assume that what the PI means is that if you send an e-mail to a non-webmail client (like Thunderbird) which does not go via Tor, then the IP can be determined when it loads the 1x1 HTML pixel from the website. However, if the victim uses webmail then surely all responses would go via Tor? Or does he mean something else? _______________________________________________ tor-talk mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
