Aha. This message explained a lot to me. Thank you for the detail on PDFs. It was very clear to me.
As for, say, iTunes, so what you're saying is that it's not a good idea to have programs like that running at the exact same time that you're online with Tor? -----Original Message----- From: Sebastian G. <bastik.tor> <[email protected]> To: tor-talk <[email protected]> Sent: Mon, Jul 15, 2013 3:55 am Subject: Re: [tor-talk] Will Tor affect Internet Explorer? (newbie question) 15.07.2013 08:39, Gabrielle DiFonzo: > > What do you mean by "phone home"? When you download a PDF document over Tor you get the properties you expect from Tor (e.g. being anonymous to the server hosting the PDF). If you then open the PDF document, while still being Online, with Adobe Acrobat Reader (or any other reader), while not having the reader configured to use Tor it could be the case that the PDF document contains a resource that is located on a server (maybe the server you downloaded it from, maybe another) and Tor gets bypassed. The server logs show someone downloads 'cryptonite.pdf' and the IP address tells the server operator that it belongs to a Tor Exit (public information). Ten seconds later the server logs show a request for a picture embedded in above PDF document, this time with another IP address, which is ultimately yours. The server operator can tell that the IP address does not belong to Tor and conclude it is yours. This broke your anonymity. This can affect a lot of files. I can affect PDFs, but you can't tell if it is safe or not. Word documents can contain external resources as well. WMA and WMV (WindowsMediaAudio) (WindowsMediaVideo) can contain DRM information which are checked against a server. I'm not sure if this applies to MP3s, but I guess that this is possible. For whatever you download over Tor and open while being Online you face the risk of your anonymity being broken. > All I really save to disk is my photos (from my phone), some PDFs, > some MP3s (iTunes) and stuff I write offline in MS Word. Is that a > bad idea? If so, why? Files that are present because you create them or downloaded them without Tor are not safe to upload somewhere as they could contain information about you. For opening them while using Tor you could face identity correlations. Let's say you like music and think it's cool to listen to while blogging anonymously with TBB. If iTunes checks license information during playback without routing it through the Tor network and you create a new blog post during that time over Tor, someone might be able to correlate the identities. (Or assume a forum you participate in pseudonymous, as it allows more fine grained timing information) Your ISP for instance would know that you are connected to the Tor network, but not what you do there, and he knows about the connection to iTunes. Best, bastik _______________________________________________ tor-talk mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk _______________________________________________ tor-talk mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
