
Re: [tor-talk] NSA, Tempora, PRISM And Company always know who is behind Tor?

> Tor uses a circuit guard - middle - exit and unless the NSA can get access
> to the guard's ISP, the middle's ISP, and the exit's ISP which more than
> one of them may be in a country that hates the US they can't see what you're
> doing and prove it was you. Also even if you had a .pcap of each network's
> traffic it would be very difficult to put the information back together.

This isn't necessarily true. Look at your usage pattern... say you
transfer a 100MiB file. All the adversary has to do is be able to
observe and discriminate out the server and your client, hops don't matter.
One 100MiB transfer, in and out, at the same time, noting also, if needed
to discriminate among endpoints, the start and end times of the transfer
bitrate delta. The only thing that might save you is if one or both ends are
bandwidth saturated within a single multiplexed TCP stream, aka cover
traffic. Tor does not saturate links or always use a single TCP stream. Nor
is your client or the server always busy. This matching is not an easy task,
nor is it known to have been used against anyone, but it is possible.
Read up on timing and correlation attacks in the anonbib.
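
The volume-and-timing match described in the reply above, and the effect of a saturated link on it, as an added example that is not part of the original message. All data is constructed; the names (client_a, RATE, LINK, pad_to_link_rate) and the 0.5 threshold are assumptions made for illustration.

```python
import random
from statistics import mean

RATE = 2 * 1024 * 1024   # assumed 2 MiB/s, so 100 MiB takes 50 s
LINK = 3 * 1024 * 1024   # assumed link capacity used for padding

def pearson(xs, ys):
    """Pearson correlation; 0.0 when either series is flat."""
    mx, my = mean(xs), mean(ys)
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return 0.0 if vx == 0 or vy == 0 else cov / (vx * vy) ** 0.5

def transfer(start, rng, length=120, secs=50):
    """Constructed per-second byte counts: idle chatter plus one 100 MiB burst."""
    return [RATE + rng.randint(-RATE // 10, RATE // 10)
            if start <= t < start + secs else rng.randint(0, 2000)
            for t in range(length)]

def pad_to_link_rate(series):
    """Cover traffic: real bytes plus padding always fill the link."""
    return [LINK for _ in series]

def best_match(server_side, client_sides, threshold=0.5):
    """Name of the client series that tracks the server series, or None."""
    scores = {n: pearson(server_side, s) for n, s in client_sides.items()}
    top = max(scores, key=scores.get)
    return (top if scores[top] > threshold else None), scores

def demo():
    rng = random.Random(1)  # fixed seed: constructed, repeatable data
    clients = {"client_a": transfer(10, rng),
               "client_b": transfer(40, rng),
               "client_c": transfer(65, rng)}
    # Server link: client_b's bytes one second later, with jitter.
    server = [0] + [max(0, v + rng.randint(-50_000, 50_000))
                    for v in clients["client_b"][:-1]]
    unpadded = best_match(server, clients)
    padded = best_match(pad_to_link_rate(server),
                        {n: pad_to_link_rate(s) for n, s in clients.items()})
    return unpadded, padded

if __name__ == "__main__":
    for label, (name, scores) in zip(("unpadded", "padded"), demo()):
        print(label, name, {n: round(v, 3) for n, v in scores.items()})
```

The hops never appear in the calculation: only the two end links are compared, and once both are padded to a constant rate every series is flat and no candidate stands out.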