On 18.10.2008 at 22:13, Roger Dingledine wrote:
2) Maybe, consider starting circuits unpredictably before we want to attach a stream to them (we already mostly do that, since we build circuits preemptively), and closing circuits unpredictably after we are done using them. The idea there is to make the TCP connection logs at ISPs not correlate with when a given Tor stream started or stopped. I say "maybe" because it's far from clear that all ISPs will be forced to log TCP connection start and stop timestamps.
Wait, ISPs will _not_ log TCP connections (in general). Do you have any reference for that assumption? All sources I know leave no doubt that ISPs will _only_ keep data which they log anyway, that is, which IP has been assigned to which user at which time. And even this information has to be deleted immediately after the internet connection (access, not TCP!) if it is not necessary for billing (flat rate contracts). This has been confirmed by German courts already. And this is in clear contradiction to the new data retention law. So it will be very interesting how this will continue, since it is assumed by many that the data retention law violates the German constitution.
point. According to our research if an attacker manages to get data from both sides, this appears sufficient for linking the user to the website.
According to Raccoon's calculations some weeks ago, this isn't as easy as it seems. Did you do experiments in the real Tor network?
Regards, Sven