[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] noise traffic generator?



Major features (traffic analysis resistance):
Connections between clients and relays now send a padding cell in each direction every 1.5 to 9.5 seconds (tunable via consensus parameters). This padding will not resist specialized eavesdroppers, but it should be enough to make many ISPs' routine network flow logging less useful in traffic analysis against Tor users.

Padding is negotiated using Tor's link protocol, so both relays and clients must upgrade for this to take effect. Clients may still send padding despite the relay's version by setting ConnectionPadding 1 in torrc, and may disable padding by setting ConnectionPadding 0 in torrc. Padding may be minimized for mobile users with the torrc option ReducedConnectionPadding. Implements Proposal 251 and Section 2 of Proposal 254; closes ticket 16861 <https://bugs.torproject.org/16861>.
Relays will publish 24 hour totals of padding and non-padding cell counts to their extra-info descriptors, unless PaddingStatistics 0 is set in torrc. These 24 hour totals are also rounded to multiples of 10000.
Copied for tor-0317-now-released <https://blog.torproject.org/tor-0317-now-released>

> On Oct 6, 2017, at 4:03 PM, Jacki M <jackiam2003@xxxxxxxxx> wrote:
> 
> TorProject has added some traffic padding in Tor 0.3.1.7 <https://blog.torproject.org/tor-0317-now-released>
> And they are working on Adaptive traffic padding 254-padding-negotiation <https://gitweb.torproject.org/torspec.git/tree/proposals/254-padding-negotiation.txt>.
> 
>> On Oct 6, 2017, at 12:12 PM, Seth David Schoen <schoen@xxxxxxx <mailto:schoen@xxxxxxx>> wrote:
>> 
>> Matej Kovacic writes:
>> 
>>> Hi,
>>> 
>>> there is some interesting project called Noiszy: https://noiszy.com/ <https://noiszy.com/>
>>> 
>>> It generates fake traffic. It is more "artists" project that real
>>> countermeasure, but I am thinking to implement something like this on my
>>> network with several machines inside.
>>> 
>>> However, the main problem is that Noiszy works too random, and is not
>>> "walking" in websites enough time and enough consistent to give an
>>> impression someone is really browsing something.
>> 
>> There have been a few projects in this space before, like Helen
>> Nissenbaum's TrackMeNot, and at least two others that I'm not thinking
>> of right away.
>> 
>> I agree with your concern that it's currently too easy for an adversary
>> to use statistics to learn if traffic is human activity or synthesized.
>> Another problem is that the sites that the traffic generator interacts
>> with might themselves get suspicious and start responding with CAPTCHAs
>> or something -- which would then also reduce the plausibility of the
>> traffic.
>> 
>> I also wonder if someone has studied higher-order statistics of online
>> activity, in the sense that engaging in one activity affects your
>> likelihood of engaging in another activity afterward (or concurrently).
>> For example, you might receive an e-mail or instant message asking you
>> to look at something on another site, and you might actually do that.
>> On the other hand, some sites are more distracting and less conducive
>> to multitasking than others.  For example, you probably wouldn't be
>> playing a real-time online game while composing an e-mail... but you
>> might play a turn-based game.
>> 
>> There are also kind of complicated probability distributions about events
>> that retain attention.  For instance, if you're doing something that
>> involves low-latency interactions with other people, it's only plausible
>> that you're actually doing that if the other people were also available
>> and interacting with you.  The probability that a given person continues
>> communicating with you declines over time, and is also related to time
>> zone and time of day.  But there's also a probability that someone else
>> starts interacting with you.
>> 
>> Some of these things will probably have to be studied in some depth in
>> order to have a hope of fooling really sophisticated adversaries with
>> synthesized online activity.
>> 
>> -- 
>> Seth Schoen  <schoen@xxxxxxx <mailto:schoen@xxxxxxx>>
>> Senior Staff Technologist                       https://www.eff.org/ <https://www.eff.org/>
>> Electronic Frontier Foundation                  https://www.eff.org/join <https://www.eff.org/join>
>> 815 Eddy Street, San Francisco, CA  94109       +1 415 436 9333 x107
>> -- 
>> tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx <mailto:tor-talk@xxxxxxxxxxxxxxxxxxxx>
>> To unsubscribe or change other settings go to
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>
> 

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk