On Wed, Mar 7, 2012 at 12:20 AM, Seth David Schoen <schoen@eff.org> wrote:
andrew@torproject.is writes:
I was concerned that the graphic should not make people think that _no one_ can ever associate them with their browsing when they use Tor. I've been taught to think of the GPA threat (and other traffic correlation threats) as real, so I thought people should have some indication of those threats.
Now bear in mind that I'm just a Raccoon, but some time ago I scrawled a proof out that showed that the correlation accuracy of a "dragnet GPA" goes down in proportion to the square of the number of concurrent users using an anonymization service: http://archives.seul.org/or/dev/Sep-2008/msg00016.html The belief that you can test a correlation system independent of a population size is called the Base Rate Fallacy, and I believe much of the PETS timing attack literature suffers from it. In that post I demonstrated the effect the Fallacy has on dragnet correlation. I also gave some example calculations for how accuracy changes from different points of network surveillance with respect to population size and correlation accuracy. With end-to-end encryption and proper Tor cell size choice, the NSAs odds of watching everyone all the time (Example 1 in my post) and getting the correlation right are low and do clearly drop as more people use Tor. Therefore, I think the most accurate representation would be to put a question mark next to the data link between the two NSA dudes in your graphic, because they aren't exactly sharing perfectly; they are consulting each other, correlating observed traffic patterns with some error rate, and rolling the dice. A question mark captures this well. Putting "Capabilities Uncertain" underneath the question mark or as a footnote might be even better, if we already have newspaper articles citing the graphic as proof Tor is broken... P.S. To the list administrators, it looks like the new archives have truncated my proof at the new archive: https://lists.torproject.org/pipermail/tor-dev/2008-September/002493.html _______________________________________________ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE