On Wed, Mar 26, 2014 at 2:47 AM, rysiek <rysiek@hackerspace.pl> wrote:
... I meant a situation in which the NSA can listen-in on any connection in the clearnet, including connections between Tor nodes.
ok. this is sounding like classic traffic analysis (on the "metadata" rather than the content, so to speak).
They *can't* break the encryption nor do they have the keys...
ok.
...*But* (esp. if most of these nodes are in the US) they *can* observe that in sequence there are packets being sent between IP1, IP2, IP3 and IP4, and that these packets get smaller at each step, in a way that is coherent with removing layers of Tor encryption.
Tor cells use padding, but this alone is not sufficient to defeat traffic analysis.
What they can get from that is information; IP1 is communicating via Tor with IP4.
So now they know whom to target with QUANTUM when they'd be using clearnet for something.
this is why i am fond of everything dark! namecoin to hidden services, no DNS, no plaintext. (not entirely defeating QUATUMTHEORY, but much of it!)
Tor encryption gets less relevant if NSA gets access to the endpoints via other means, and for that they need to know whom to target. Observing packets flying between Tor nodes can give them that info -- at least that's a suggestion somebody made elsewhere.
the anonymity set is large, but maybe that isn't sufficient. this is exactly the same argument for or against zero knowledge mixes. sure, they offer stronger protection from traffic analysis, but the anonymity set of users is tiny, making that theoretical hardness useless in practical terms.
So my question is, does that make sense? Is that a viable threat?
depending on where you stand, and what network you egress, it may make absolutely perfect sense - Tor use alone drawing scrutiny that draws conflict. from my personal experience, _not_ in places where Tor use alone is suspect, it has been a essential tool. if you're concerned about NSA/TAO/SSO then you're speaking of two broad domains of concern: 1. pervasive, passive global intercept - this is where Tor and encryption come in. you've just made it harder, and turned something global and passive ineffective, pushing activity toward: 2. tailored access - the black bag jobs, weaponized exploits, HUMINT attacks, etc. if you've pushed your adversary to these means, you've achieved a COMSEC and symbolic victory. you don't defend against #2, you just fail less quickly...[0] 0. there are exceptions. these are left an exercise for the reader :)