Windows DRM can be used to detect the real IP of Tor users.

in #privacy8 years ago


It seems Tor users better not open DRM files on your Windows computer. Of course it is better not to use windows at all ;-)

Hacker House (a team that also found vulnerabilities in Red Star (north Korea linux OS) made a short movie how it works.

Digital Rights Management (DRM) is a license technology used to prevent spreading of illegal media files. It does this by locking the audio and video files or streams with a encryption key. When you open a file protected by DRM is will ask for the decryption key. This decryption is key is provided by a network server. So users need to be connected to the internet.

The computer will send the real ip address instead of the Tor ip. Of course this is not a new type of attack but still.

See the video below for the demonstration.

Sort:  

Thanks for posting such an interesting article. Good, information and thought worthy.

If you want to stay really anonymous you have to be very careful. I've not used Tor, but I hear it's not 100% anonymous, depending on how you use it. Security is hard

get rid of images, links, any multi media files , and you are done , also don't use and widely adopted platforms like fb yt google ... :D , go through multiple VPN's :D , damn near impossible.

Ever use the Lynx browser? Pure text :) Probably not usable for most of the web these days. The web is as much code as data now

yeah , during my last ventures i found the cliqz browser, but can't say I'm a fan or am using it , mozzila does it for me , if i can go with that i would, it's hard to change patterns, can't even switch to linux :D , and having a code mind to translate the page into colors and format would be too much for me :D

oh boy!!! I feel like at some you will need to use a new computer everytime you want to use tor!

Lol. Just boot from usb with Tails

Who knows, next time they will say your usb key or pc leaked your hardware configuration. loool. But seriously it is always surprising how they de-anonymize people.

yeah should work , still I did watch some defcon conferences , kind of fun , but serious. I'm a bit skeptical of the new mainstream , technology is the greatest thing :D :| , shame , people don't talk face to face , we just teleport in the internet :D

As long as you never open any files while actively connected to the internet, your ip should not have any way of being transmitted. But this requires a level of discipline, and requires that you (or anyone else on your computer) honor the practice at all times.

This is good info for people to know. Thanks for posting.