[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Should I warn against Tor?

On So, Jul 07 2013, Christian Sturm wrote:

> [...]
> Lets pretend you want to make a connection to a US server. Your connection
> starts at the client side, so your computer, where it will be encrypted before
> it goes through Tor relays. Now given your Tor exit relay is in the US and
> your (probably unencrypted) traffic really leaves the network there Tor just
> provided you with an anonymizing, encrypting tunnel through those tapped IXs.

What Iâm worrying about is the following:

My encrypted traffic is stored at the tapped IX, say the NSA does
that.  The NSA also observes the traffic from the Tor exit to the US

As pointed out in the FAQ [1], Tor fails now, as they may perform a
correlation analysis to figure out that the connection to the US
server was coming from me.

(As Mike Perry pointed out [2]: The Raccoon showed that such
correlation suffers from the base rate fallacy.  Thus, correlation
might not be as simple as suggested by the FAQ and assumed in
several papers.  He also pointed to other attacks into which I did
not look yet.)

Best wishes

[1]  https://www.torproject.org/docs/faq.html.en#EntryGuards
[2]  https://lists.torproject.org/pipermail/tor-talk/2013-July/
tor-talk mailing list