On 6/5/16, Not Friendly <notfriendly@riseup.net> wrote:
After about an hour of brain storming I may of found a way to stop traffic correlation attacks. The idea is to add an artificial delay of a few randomized ms (two separate delays, one to the tor exit and another deal on traffic exiting the network) and add an extra chunk of randomized data (just a small random amount of KB that never exits the network). It would make traffic harder to correlate. What are your thoughts on this?
Doesn't work. "never exits" - GPA's don't necessarily need to correlate any internal flows. They can look only at the endpoints. The minute you insert traffic that lights up some other endpoint, in an otherwise sufficiently quiet network, or distinguishable way (bytes / latency [pump], which is made even easier for them if they reign over an endpoint), you're done. You need fulltime regulated fill traffic, within which, your traffic resides.