Re: [tor-talk] Traffic shaping attack
On 3/18/16, Oskar Wendel <o.wendel@wp.pl> wrote:
> Let's set up a service in a way that it will modulate the traffic, so the download would look like:
That's active manipulation in / at one endpoint node.
> Then, we monitor traffic flowing into various entry nodes (remember we're a global adversary, having direct access to infrastructure around the globe) and spot the traffic that matches our pattern.
That's global / regional passive listening, needing to be concerned minimally about visibility with just any other G/R IP endpoints, without needing to track the entire path. Which, if presumed and likely to be deployed, combine to be nicely effective, whether finding such clients, or services on Tor, I2P, etc. Attack could be made much more difficult, quite possibly defeated, if all nodes engaged in bucketed, reclocked and jittered fill traffic with each other (possibly along some virtual path distance >=1 hop) and enforced peering relationships based upon receipt of same expected and contractually obligated traffic (would you talk to or retransmit for a node that acted / sent packets as you say... fuck no).
Tor and other overlays also use only TCP, which may provide some sort of enhanced end2end specific directable observability stream container. As opposed to UDP or raw packets, which may offer more options to develop / layer various anti active / passive attack methods, including traffic spreading and recombination. Do not expect any possible solutions to come without potential overhead / tradeoff costs, only if you can use them to your needs, or adapt your needs to live in their context. And never underestimate a lorry full of tapes.
grarpamp
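The fill-traffic mitigation suggested in the reply above, as an added example that is not part of the original post: a toy simulation of one link that is reclocked to a fixed cell budget per tick, with independent jitter and fill cells, measuring how much of an endpoint's modulation remains visible to a passive observer and what it costs in fill and queueing. All names, rates and the shaping pattern are constructed, and it assumes fixed-size encrypted cells so that fill cannot be told apart from payload on the wire.

```python
import random
from statistics import mean, pstdev

def modulated_source(pattern, high=20, low=2, ticks_per_bit=10):
    """Payload cells offered per tick by an endpoint that shapes its output."""
    return [high if bit else low for bit in pattern for _ in range(ticks_per_bit)]

def reclocked_link(offered, rate, jitter=0, seed=1):
    """Send a clocked budget of cells each tick: queued payload first, fill for the rest.
    Returns (cells seen on the wire per tick, total fill cells, max queue depth)."""
    rng = random.Random(seed)
    queue = fill = max_queue = 0
    wire = []
    for cells in offered:
        queue += cells
        budget = rate + rng.randint(-jitter, jitter)  # jitter is independent of payload
        sent = min(queue, budget)
        queue -= sent
        fill += budget - sent          # unused slots are padded with fill cells
        max_queue = max(max_queue, queue)
        wire.append(budget)            # observer sees only the clocked budget
    return wire, fill, max_queue

def correlation(xs, ys):
    """Pearson correlation; 0.0 when either series is constant."""
    sx, sy = pstdev(xs), pstdev(ys)
    if sx == 0 or sy == 0:
        return 0.0
    mx, my = mean(xs), mean(ys)
    return mean((x - mx) * (y - my) for x, y in zip(xs, ys)) / (sx * sy)

def demo():
    pattern = [1, 0, 1, 1, 0, 0, 1, 0]   # constructed shaping pattern
    offered = modulated_source(pattern)
    wire, fill, max_queue = reclocked_link(offered, rate=12, jitter=2)
    return {
        "unpadded_corr": correlation(offered, offered),  # link with no fill at all
        "padded_corr": correlation(offered, wire),
        "fill_fraction": fill / sum(wire),               # bandwidth overhead
        "max_queue_cells": max_queue,                    # latency cost of reclocking
    }

if __name__ == "__main__":
    print(demo())
```

The queue depth is the tradeoff the reply mentions: a link rate close to the average payload rate keeps fill overhead low but delays bursts, while a higher rate shortens the queue at the price of more fill.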