[tor-talk] de-anonymization by correlating circuit changes

[bemoo129@xxxxxxxxxxxx]

Hello,

The last days, i discovered this problem by using tor: According to 
the specification, every TOR circuit is used for 10 minutes. AFter 
this time, a new one will be choosen.

Many Providers have to log some Packets passing their networks 
(e.g. in Denmark every 500th IP-packet has to be logged.) First, I 
thought, thats not a problem for TOR, because nearly always more 
then one are using one server.

Bute if every users circuit has its own lifetime, you could very 
easy detect: At time X there are no Packets from IP x.x.x.x (viewed 
Website e.g.) anymore, and also no Packets to IP y.y.y.y (another 
TOR relay). You can also see: At time Y, IP x.x.x.x and y.y.y.y 
occour the first time (simultaniosly), so you know, they belong 
together.

It would be much better, if every TOR relay would decide on its 
own, to close all circuits on the same Time - then you could 
corelate the time, because all Circuits are stopped/startet on the 
same time.

I tried to finde out, how this works in reality:

It was very strange, my TOR client sometimes uses a new circuit 
after only 5 minutes, sometimes after 4, sometimes after 7 for 
example. It would be nice, if someone could explain me this, 
thanks!

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk