The adversary may want to correlate user identities or sessions across multiple remote services.
The adversary may want to correlate user identities or sessions across multiple remote services.
For instance, advertising networks may wish to know that a user who visited `site-x.com` is the same user that visited `site-y.com` to serve them targeted ads while law-enforcement may wish to associate anonymous activity on `site-b.com` with a known identity on `size-a.com` to build a criminal case.
For instance, advertising networks may wish to know that a user who visited `site-x.com` is the same user that visited `site-y.com` to serve them targeted ads while law-enforcement may wish to associate anonymous activity on `site-b.com` with a known identity on `size-a.com` to build a criminal case.
6.**History records and other on-disk information**
In some cases, the adversary may opt for a heavy-handed approach, such as seizing the computers of all Tor users in an area (especially after narrowing the field by the above two pieces of information).
History records and cache data are the primary goals here.
Secondary goals may include confirming on-disk identifiers (such as hostname and disk-logged spoofed MAC address history) obtained by other means.
