On 11/10/2021 04:59, Punk-BatSoup-Stasi 2.0 wrote:
On Mon, 11 Oct 2021 03:18:15 +0000 PrivacyArms <privacyarms@protonmail.com> wrote:
Thanks. I will read the linked paper, but Tor uses connection padding. Maybe your information is out of date?
Nah. Tor uses some kind of limited padding,
It's designed so that routers which are configured to report per-flow totals on an entry node's traffic will aggregate more packets into the reported per-flow session totals. Marginally effective in the short term if the attacker is using per-flow logging data, but less effective against long-term correlation attacks and near-useless if the traffic data used isn't aggregated, as might be collected by GCHQ or (I'd expect) NSA in a packet-logging rather than per-flow-logging configuration. Afaik all backbone routers can be configured for packet or per-flow logging. Per-flow logging is used by ISPs to improve service and per-flow log storage is cheaper than packet-log log storage, so it is used more. But I expect the big boys, NSA, GCHQ etc, can get packet logs whenever they want them. Especially if it's only for a goodly proportion of the few thousand Tor entry and exit nodes. Against the elephant? Tor's padding is totally useless. Peter Fairbrother