How do people get caught multi-accounting using Tor?
JavaScript tracking? HTTP logs? Poor OPSEC? Admission of guilt? I know stackz420 on Dread found someone's multiple accounts because they were making accounts in the same window (probably because the cookies from previous accounts were sent as HTTP headers). Do only people dumb enough to use the clear net site get tracked, or do the people who run the site collect information on us for tracking / LE snitching purposes?
Reply
There's too many factors to list them here. Something as dumb as interacting with the same exit node in multiple tabs can be enough. You already answered your own question with the "same window" argument, by using screen resolution information to correlate the same monitor being used. Tor's screen resolution ratio used to be static, meaning if you divide width and height, you get the same decimal no matter how you resize the window.
Reply
(July 20, 2022, 07:52 PM)penis Wrote: There's too many factors to list them here. Something as dumb as interacting with the same exit node in multiple tabs can be enough. You already answered your own question with the "same window" argument, by using screen resolution information to correlate the same monitor being used. Tor's screen resolution ratio used to be static, meaning if you divide width and height, you get the same decimal no matter how you resize the window.


The Tor browser still opens with a default size I think? At least for me the size is always the same. Everyone goes on about hiding your IP which is skid hacker 101 stuff, but even without JS enabled you can be identified by your HTTP headers, regardless of whether you open new windows. Using another computer might help in case the site's admin is collecting user info to give up to LE when they inevitably get caught, but you'd still be identified on Tor. The only possible way around this is to use Tails, but that's such a hassle, and this assumes that at least one other person connecting to Tor (that is tracked by the site) is doing the same with the same screen size (unlikely). This site seems a bit better than Dread and other sketchy DNMs like AlphaBay, but I wouldn't put it past Pom to collect info on people in case they annoy him.
Reply
Use of Tor pointed FBI to Harvard University bomb hoax suspect

https://www.forbes.com/sites/runasandvik/2013/12/18/harvard-student-receives-f-for-tor-failure-while-sending-anonymous-bomb-threat/
Reply
(July 21, 2022, 03:25 AM)quomeng7 Wrote: Use of Tor pointed FBI to Harvard University bomb hoax suspect


https://www.forbes.com/sites/runasandvik/2013/12/18/harvard-student-receives-f-for-tor-failure-while-sending-anonymous-bomb-threat/


Guy got caught cos he fessed up, probably had reasonable deniability. Just because he was using Tor doesn't mean that he did it, that's like saying because you were in the area someone was shot then it must have been you.
Reply
(July 21, 2022, 01:05 PM)FirstAccount Wrote:
(July 21, 2022, 03:25 AM)quomeng7 Wrote: Use of Tor pointed FBI to Harvard University bomb hoax suspect


https://www.forbes.com/sites/runasandvik/2013/12/18/harvard-student-receives-f-for-tor-failure-while-sending-anonymous-bomb-threat/


Guy got caught cos he fessed up, probably had reasonable deniability. Just because he was using Tor doesn't mean that he did it, that's like saying because you were in the area someone was shot then it must have been you.


I think someone looked at local network logs. That's all.
Reply
Sounds concerning
Reply
I think TOR nodes are controlled by the government
Reply
(July 25, 2022, 11:39 AM)meggs Wrote: I think TOR nodes are controlled by the government

You're right, only if they control enough of the nodes.


(July 20, 2022, 07:38 PM)FirstAccount Wrote: JavaScript tracking? HTTP logs? Poor OPSEC? Admission of guilt? I know stackz420 on Dread found someone's multiple accounts because they were making accounts in the same window (probably because the cookies from previous accounts were sent as HTTP headers). Do only people dumb enough to use the clear net site get tracked, or do the people who run the site collect information on us for tracking / LE snitching purposes?

A research paper I read could also be a factor. It's called de-anonymizing attacks. Where someone controls enough of the nodes to be the entry guard, in other words, Sybil attack.

"Correlation attacks are well-known de-anonymization attacks. In this category of attacks it is assumed that the attacker controls both the entry node and the exit node of the circuit between the client and the server."

[References]
https://github.com/Attacks-on-Tor/Attacks-on-Tor/blob/master/README.md
https://www.forbes.com/sites/kashmirhill/2014/11/07/how-did-law-enforcement-break-tor/
Reply
(July 25, 2022, 01:07 PM)OlympicGames Wrote:
(July 25, 2022, 11:39 AM)meggs Wrote: I think TOR nodes are controlled by the government

You're right, only if they control enough of the nodes.


(July 20, 2022, 07:38 PM)FirstAccount Wrote: JavaScript tracking? HTTP logs? Poor OPSEC? Admission of guilt? I know stackz420 on Dread found someone's multiple accounts because they were making accounts in the same window (probably because the cookies from previous accounts were sent as HTTP headers). Do only people dumb enough to use the clear net site get tracked, or do the people who run the site collect information on us for tracking / LE snitching purposes?

A research paper I read could also be a factor. It's called de-anonymizing attacks. Where someone controls enough of the nodes to be the entry guard, in other words, Sybil attack.

"Correlation attacks are well-known de-anonymization attacks. In this category of attacks it is assumed that the attacker controls both the entry node and the exit node of the circuit between the client and the server."

[References]
https://github.com/Attacks-on-Tor/Attacks-on-Tor/blob/master/README.md
https://www.forbes.com/sites/kashmirhill/2014/11/07/how-did-law-enforcement-break-tor/


Thank you for the references. I personally enjoyed the GitHub research paper.
Reply

