Thanks, I have some comments that may help...

Max Berger wrote:

It is not a given IP addressed account - it's only accessed via tor and not a Yahoo account.

On Friday, 11.01.2008, 09:44 -0800, Anon Mus wrote:

If this one is able to do a traffic analysis on this IP-address and knows the login time at the pop/imap-Server of yahoo, a well defined pattern of mail sizes could help.

I agree - I am using POP3 + SMTP (over SSL) to connect. And if I am on-line and thunderbird is up then it could create just enough delay to be seen. But the mail account is in the USA, so they could see the download precisely and the EXIT server if they had US help. Of course they could watch the streams from the exit server looking for the precise "size" pattern (and could probably calculate the sizes anyway). Then they only need to look for the traffic connected to the tor network in the suspected country of connection origin.

e.g. in the suspected country of origin filter traffic
- by time band
- by tor network node source
- by packet size pattern

and you get a list of possible IPs who could be the suspect. Do this a couple of times for confirmation of suspect's real IP. Lookup IP in ISP's records. Give suspect a medal for identifying criminals (-yea sure-).

But in this case I think it's not useful for him, to send these mails in such short intervals, because you would fetch both mails at one login and in one stream of data...

Max

I had no idea my contact may be an intel-op posing as an activist. So therefore I was not concerned that I should be up against intel community.

It would be interesting to hear if any other tor users have gotten similar email patterns. Maybe it's a new intel technique against tor. More reliable than a straightforward timing attack.

-K-