https://www.freehaven.net/anonbib/cache/back01.pdf This attack reveals what seems to be a fallacy in theoretical definitions of security. For example, in [28], the authors state that if links are padded or bandwidth is limited to a constant rate, one can ignore passive eavesdroppers8. This is technically correct if a passive eavesdropper is defined as someone who cannot access the network as a reg- ular user and compute timings on the network (which is implied by the definition used in most theoretical work). However this attack model is not very interesting and defi- nitely misleading. The latency attack pointed out above and the next attack we present demonstrate that if an attacker can simply compute timings (which is as passive as one can expect an attacker to be in practice), or use the system, link padding or bandwidth limiting links to a constant rate does not protect the system against easy traffic analysis attacks.