[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #6473 [Analysis]: bandwidth related anonymity set reduction

To: undisclosed-recipients:;
Subject: [tor-bugs] #6473 [Analysis]: bandwidth related anonymity set reduction
From: "Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>
Date: Fri, 27 Jul 2012 23:37:46 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 27 Jul 2012 19:37:09 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#6473: bandwidth related anonymity set reduction
----------------------+-----------------------------------------------------
 Reporter:  proper    |          Owner:     
     Type:  defect    |         Status:  new
 Priority:  normal    |      Milestone:     
Component:  Analysis  |        Version:     
 Keywords:            |         Parent:     
   Points:            |   Actualpoints:     
----------------------+-----------------------------------------------------
 Attack:
  * The target hosts a hidden service.
  * A linguist determines, the target is living in country X.
  * Or it's a blog about things in country X.
  * Thus, the assumption that the target's hidden service is running in
 country X has a high probability to be true.
  * Easy to research (example): the fastest A Mbps line is only available
 in a very few parts of the country. Maybe only in one city. Most people
 have B Mbps and a few one still an old contract with the slow C Mbps.
  * The adversary buys lots of servers in different countries, installs Tor
 on those servers and uses Tor as a client.
  * The adversary can build now lots of circuits from geographical diverse
 places and probes the server by connecting to it's hidden service. The
 adversary can now accumulate how much down/upload speed the hidden service
 can provide.
  * Thus, the adversary knows now something more about his target and if A
 Mbps is only available in a few places he has nailed down the amount of
 suspects.

 Another unrelated open question:
  * Preliminary consideration: Unless stream isolation is used, exit relays
 can correlate different activity from one user.
  * Can exit nodes differentiate "This is the user who keeps on reading
 some.site with a A Mbps line vs this is the user who keeps reading
 some.site with a C Mbps line line?"?

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6473>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #6473 [Analysis]: bandwidth related anonymity set reduction
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #6468 [Tor Relay]: OR connection early-flush code in connection_handle_write_impl is needless
Next by Author: Re: [tor-bugs] #5742 [Firefox Patch Issues]: Fix image cache url isolation
Previous by thread: Re: [tor-bugs] #3507 [Tor Hidden Services]: Allow tor hidden services to delegate to operational public keys
Next by thread: Re: [tor-bugs] #6473 [Analysis]: bandwidth related anonymity set reduction
Index(es):
- Author
- Thread