On Thu, Feb 02, 2006 at 09:01:03AM -0500, force44@xxxxxxxxxxxxx wrote:
> I copy below a part of the FAQ of JAP, my question is "Does it apply
> also to TOR?". In other words, what is better to improve a TOR
> user's anonymity: Stay connected a long time (or never disconnect,
> if he uses a cable, DSL etc connection), or often disconnect (to
> change his IP, for example) ?

Actually, I think that the JAP FAQ answer is incorrect. I'll explain.

Low-latency anonymity networks are vulnerable to end-to-end timing
attacks: an attacker who sees both ends of the circuit can notice
similarities in packet timing and volume, and thus match up the client
to the exit.

This attack is more powerful than the kind of long-term intersection
attack that is described below. In a long-term intersection attack,
you notice that Bob, on average, receives more when Alice is sending
than when she is not. But if you can tell when Alice is sending and
when Bob is receiving, you are presumably watching Alice and Bob, and
so you can do a correlation attack instead.

Defenses against correlation attacks are generally incompatible with
affordable low-latency anonymity networks. If anybody has a defense
which can be demonstrated to make these attacks appreciably harder
without making the network unusable, they haven't demonstrated it to
be so.

The only circumstances I can think of where an intersection attack is
possible but a correlation attack isn't are those where the attacker
hasn't been collecting fine-grained data, but wants to track users
after the fact; or where an attacker can't watch Alice and Bob
directly, but can tell through indirect means when they are active
(such as by pinging Alice's IP and noticing when her posts show up on
Bob's blog.)

So, to answer your question: I don't think it's particularly harmful
or helpful for a client to stay online all the time. Tor will rotate
your outgoing IP regularly either way, and the increased defense
against intersection attacks probably isn't your biggest security
concern.

> From http://anon.inf.tu-dresden.de/fragen/konzept_en.html#K7
>
> Why does frequent connecting and disconnecting of the internet
> connection reduce the level of anonymity?
>
> Someone observing your computer would know when you are connected to
> the internet or to the anonymization service. If this observer also
> observes the first mix in the anonymization service, he would see
> connections and disconnections there as well. He could then draw
> conclusions as to which user is visiting which website.
>
> Let us assume the following example:
>
> * It is known that a user is downloading a large file (for example, 50MB).
> * It is also known that another user is only surfing.
>
> The observer also sees that one of them frequently connects and
> disconnects from the internet while the other is constantly
> connected. Then it's clear that the one who is constantly connected
> is downloading the file and the other one is the one surfing. Thus
> it is clear which of the two is downloading the file and which is
> only surfing.
>
> The problem remains even with many users. Statistical averages can
> be made of people who were logged in at the same time. Thus it
> becomes relatively easy to determine who did what at what time.

yrs,
-- 
Nick Mathewson
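The two statistics contrasted in the message above, as an added threat-model illustration that is not part of the original e-mail or of Tor: the intersection score needs hundreds of coarse online/offline rounds, while the timing correlation uses the fine-grained packet counts of a single session. All data is constructed, and the function names and the traffic model (20 users, uniform background traffic, small jitter) are assumptions made for the example.

```python
import random
from statistics import mean

def intersection_scores(online, received):
    """online[u][r]: was user u online in round r; received[r]: messages Bob got.
    Score = mean received while u was online minus mean while u was offline."""
    scores = []
    for presence in online:
        on = [m for p, m in zip(presence, received) if p]
        off = [m for p, m in zip(presence, received) if not p]
        # A user who was always (or never) online gives no contrast to measure.
        scores.append(mean(on) - mean(off) if on and off else 0.0)
    return scores

def pearson(xs, ys):
    mx, my = mean(xs), mean(ys)
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / (vx * vy) ** 0.5 if vx and vy else 0.0

def simulate(seed=1, users=20, rounds=400, slots=60):
    rng = random.Random(seed)
    # Coarse data: one online/offline bit per user per round; user 0 is Alice.
    online = [[rng.random() < 0.5 for _ in range(rounds)] for _ in range(users)]
    received = [rng.randint(0, 20) + (5 if online[0][r] else 0) for r in range(rounds)]
    # Fine-grained data: per-slot packet counts for ONE session; exit flow 0 is Alice's.
    entry = [rng.randint(0, 10) for _ in range(slots)]
    exits = [[max(0, x + rng.randint(-1, 1)) for x in entry]]
    exits += [[rng.randint(0, 10) for _ in range(slots)] for _ in range(users - 1)]
    return intersection_scores(online, received), [pearson(entry, e) for e in exits]

def best(scores):
    return max(range(len(scores)), key=scores.__getitem__)

if __name__ == "__main__":
    inter, corr = simulate()
    print("intersection: top user", best(inter), "score %.2f" % inter[best(inter)])
    print("correlation:  top flow", best(corr), "r = %.2f" % corr[best(corr)])
```

Lowering `rounds` makes the intersection ranking noisy long before the single-session correlation degrades, which is the asymmetry the message describes.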