There are topologically-based methods to de-anonymize Tor and VPN users. I seriously, seriously doubt Ride has the resources or capabilities to do such a thing but its not impossible in the slightest. There are a lot of different ways to pwn Tor users. Kiwifarms has some really odd people using it.
View attachment 6972
Ride is a methhead though so this isn't possible. Let's look at some more reasonable things:
He could've used timings to determine Boingo's geolocation. Confimation would be observing his behavior
on this site (As boingo is on pretty frequently) and comparing it to the activity of the suspected sock. If there's attention switching (Sock makes posts while Boingo is idle here and vice versa) its pretty strong evidence.
He could just be doing some parallel construction fuckery and in reality just de-anonymized Boingo with things like stylometric analysis (What vocabulary is he using? Unique typing styles? Boingo is pretty autistic so its not too difficult to determine which posts are his), knowledge domain projection (Ok, what information has this user revealed? What experiences do they have? (For example, SIGSEGV is a programmer familiar with C and C++. Considering his presence on this site there's a strong chance he frequents imageboards too. Considering his elementary knowledge of security this points at using something like 4chan rather than a Tor-based imageboard where users are using text-based browsers and de-anonymization would be devastating)).
Could just be plain old user agent comparisons too as VPNs do not mask this (Tor does. Tor is more than just sending your packets through a large chain of nodes. It also protects you by making every user look as though they're using the same version of Firefox on Windows 10 even though you could be using, say, Debian). Multiple Boingo socks have been identified previously and this new sock using Tor would be an anomaly, probably not him.
With the VPN you can look at which IPs belong to which corporation. There are sites that exist for documenting these IPs to help webmasters block spammers. You could find Boingo this way by looking at which VPN the IPs belong to, and correlating it with other identified socks.
And there's dozens of other ways I'm too lazy to go into. Really depends on how much time you have to autistically wade through information. Ride hasn't found my sock yet so he obviously isn't that good.
