On 6/2/16, Georgi Guninski <guninski@guninski.com> wrote:
> On Thu, Jun 02, 2016 at 12:13:10AM -0400, grarpamp wrote:
>> deanonymise Tor users by examining the timing of connections going in and out of the Tor network. ...
>
> isn't this well known, especially if they inject delays in suspects (or say districts)?

On global backbones...

Inject / drop / delays require a complete fiber cut and insertion of active hardware capable of selecting traffic. A carrier that cares about such things must not ignore their line diagnostics.

If you had insane alien tap tech capable of precise timing, invading wavelengths, and faster-than-subject-fiber processing and transmission... dropping could be done without cut by laser corrupting CRC / addresses with gain hits or losses, whiteout, etc... injection is similar, delay is drop and injection.

Adversaries couldn't do sneaky blackbag shit to the fiber if carriers would encrypt all their links, like Google now says it does internally.

All bets are off if the carrier is partner with, or under threat of, adversary... regarding global telecoms (remember Qwest), this paragraph seems the most likely of all the above.

Continental, regional, district... more or less the same thing.

On the last hop mile RJ-45 of a suspect end user... child's play, and they're fucked at that point anyways.