
Re: [OT] mitigating or defeating syntax analysis



On Thursday 17 April 2008 15:04:05 scar wrote:
> assume there is a global adversary trying to track down an anonymous
> Tor-user by using syntax analysis.  that is to say, gathering sets of
> sentences or paragraphs from e-mails or forums, etc. and then
> recognizing similarities in the syntax (that is, the way the sentence or
> paragraph is written) in order to group anonymous text with non-anonymous
> text and ultimately reveal the identity of an anonymous user, based on
> the way they write, basically.  the field of psycholinguistics would
> probably be a good resource for this type of analysis.

Most reasonable Tor clients will go through the trouble to use an
SSL/TLS-encapsulated protocol to make sure their communication isn't 
trivially readable at the exit node.

It's a little more work, but SMTP, IMAP and web browsing can conceivably all
be enciphered even as they travel the normal internet.  Most Unix system
administrators already know why to use SSH as opposed to telnet, for similar 
reasons.

> i hope that's clear enough.  so, Tor can help defeat network traffic
> analysis.  now, how can the anonymous user (or, more accurately,
> talker/writer/blogger) mitigate or defeat this syntax analysis?  are
> there any scholarly papers or websites with this information, or at
> least talking more about syntax analysis (perhaps there is a more proper
> technical term)?  for example, i think one rule would be to always use
> proper capitalization and punctuation, something i never do in my
> non-anonymous writing. ;)

I'm under the impression that trying to use Tor to help obfuscate what you're 
doing beyond Layer 4 is using the wrong tool for the job.