[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Projects to combat/defeat data correlation

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] Projects to combat/defeat data correlation
From: Moritz Bartl <moritz@xxxxxxxxxxxxxx>
Date: Thu, 16 Jan 2014 05:02:26 +0100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 15 Jan 2014 23:02:20 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=headstrong.de; h=content-transfer-encoding:content-type:content-type :in-reply-to:references:subject:subject:mime-version:from:from :date:date:message-id:received; s=mail; t=1389844928; x= 1391659329; bh=UeX1tZEM9A7JtlfX0X94AN5C8S/Vhi+n6z1UZqQxnjA=; b=G efjnJ3dgPXjJvVE2MlQSHSFXxymISr8vX2PqL3BWvefiFw+sewB63eqTbgAMNK2w b+7D87BKEPISTswNXOrKUT3EfdMUjEAvrvg+37zsE5Ok2ERPuFhmhslgWvncdmjp W4MsfB8kEg1gBOCZI7QoOKCsd/0uVCAvE7RiRtICbM=
In-reply-to: <CALLnFZzePSY9btqC2HuQm-=_LUtg4teGMgybovw8s7drA-XMQA@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <CALLnFZzePSY9btqC2HuQm-=_LUtg4teGMgybovw8s7drA-XMQA@xxxxxxxxxxxxxx>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>

On 01/16/2014 04:16 AM, Jim Rucker wrote:
> There was a story in the news recently of a Harvard student who used Tor
> to send a bomb threat to Harvard in order to cancel classes so he
> wouldn't have to take a test. He was apprehended within a day, which
> puts into question the anonymity of Tor.

The way I understand it is that they did not exploit a weakness in any
system, they just (more or less) performed regular police work.

See https://www.schneier.com/crypto-gram-1401.html#3

> From my understanding (please correct me if I'm wrong) Tor has a
> weakness in that if someone can monitor data going into the relays and
> going out of the exit nodes then they can defeat the anonymity of tor by
> correlating the size and number of packets being sent to relays and
> comparing those that the packets leaving the exit nodes.

It is not that simple, but in principle you are correct. A good paper to
read about this is http://freehaven.net/anonbib/#ccs2013-usersrouted

See anonbib also for mitigations that were suggested and investigated
over time (which are not that easy either).

-- 
Moritz Bartl
https://www.torservers.net/
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

References:
- [tor-dev] Projects to combat/defeat data correlation
  - From: Jim Rucker

Prev by Author: [tor-dev] txtorcon 0.9.1
Next by Author: Re: [tor-dev] On the security of a commit-and-reveal solution for #8244
Previous by thread: [tor-dev] Projects to combat/defeat data correlation
Next by thread: Re: [tor-dev] Projects to combat/defeat data correlation
Index(es):
- Author
- Thread