[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] ru news

> To correlate Tor traffic you need to control a majority of nodes. If
> both Russia and NSA try to control them, both fail.

In all fairness, AFAIK if someone controls one entry guard and one exit
node, they can correlate all traffic that uses those two nodes for entry
and exit.  If there are roughly 2000 entry guards and 1000 exit nodes on
the network and if Tor clients select entry and exit nodes at random, for
every server you control, you can correlate roughly 0.00005% of the traffic
on the network.  Divide that number by roughly seven for hidden "onion"
services, since that traffic can use any relay as an "exit" node, and
perhaps more than seven if the hidden service disguises itself as a Tor
relay so the traffic destination becomes more difficult to determine.

"A traffic confirmation attack is possible when the attacker controls or
observes the relays on both ends of a Tor circuit and then compares traffic
timing, volume, or other characteristics to conclude that the two relays
are indeed on the same circuit. If the first relay in the circuit (called
the "entry guard") knows the IP address of the user, and the last relay in
the circuit knows the resource or destination she is accessing, then
together they can deanonymize her."
email has been sent from a virus-free computer protected by Avast.
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to