Have we seen any evidence of the ability of the NSA/FIVEEYES to do internet or national scale retroactive traffic correlation? Not just for Tor exit nodes, but for any arbitrary connection.

For instance, if I upload a 64.32Kb exploit to a server, and they know forensically that the exploit arrived at 12:01:01PM, do they have the capability to see all connections, internet-wide, which sent ~64.32Kb of data within the previous, say, ~500-2000ms? (A useful capability for anybody trying van paedos behind 7 proxies, but bad news for hackers, junkies and other weirdos.)

Technical details around this capability would be very useful for designing high-latency and chaff-based anonymity tools. Ex, a global chaff network to cover a given byte-size range, steganographic proxies, etc.

Another one to add to the list of "if you happen to have access access to the Snowden cache, please set this information free" requests (along with any info compiler backdoors, KH-13, operating system backdoors, transit cards, cryptocurrencies, burners, advertising industry partners, Oracle, Narus, etc etc etc..).

Pretty please, massa Greenwald?
R