[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Torbutton Documentation - Adversary Capabilities. - fork: Normalization of XHR requests

Paul Syverson wrote:
Tor doesn't do any batching or delaying.  This is just another way you
could be identified by timing attacks. Tor provides no resistance to
timing attacks, and so far there are no countermeasures that have
been identified as working against a passive, much less active, adversary
without imposing unacceptably high overhead or limitations.
Since Tor's inception (must be getting ion for 10 years now) it has been getting faster year after year, this is due to network speed and bandwidth increases, which have been about a 200 fold (e.g. speeds of 100+Kbps max 2003 to 20+Mbps today).

OK, there have been some increases in web page byte size but it not more than 10 fold.

That means a real speed increase of at least 10 fold. So perhaps Tor developers should start putting in some "timing attack" protection. It seems to me that the time is right. What is holding them back? Are they afraid of global big brother complaining they cannot identify users at will? Anonymous should mean anonymous, no?

 Most have
these limitations and still don't work.

See the blog post

To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/