Re: Dishonest Tor relay math question - tor-talk is too lazy
On Mon, 11 Oct 2021 03:18:15 +0000 PrivacyArms <privacyarms@protonmail.com> wrote:
> Thanks. I will read the linked paper, but Tor uses connection padding. Maybe your information is out of date?
Nah. Tor uses some kind of limited padding, but it doesn't have constant rate links at all. Likewise, they added some kind of defense against website fingerprinting but who knows how well it actually performs.

https://github.com/torproject/torspec/blob/main/proposals/251-netflow-paddin...

Also notice that if they are patching some stuff, that is an admission that there were problems. Of course it's good that they did some upgrading but how far does the upgrading actually go? Last but not least that paper is from 2013. I think we can safely assume that the traffic analysis capabilities of GCHQ-NSA and the rest of govcorp have been upgraded as well.
> Isn't the EFF the same group circle as the Tor Project?
yes indeed they are. But the article talking about 'parallel construction' and how the DEA gets information from the NSA is simply reporting a bunch of facts. You could learn them from other sources but I just had that link handy.
On 11/10/2021 04:59, Punk-BatSoup-Stasi 2.0 wrote:
> On Mon, 11 Oct 2021 03:18:15 +0000 PrivacyArms <privacyarms@protonmail.com> wrote:
>> Thanks. I will read the linked paper, but Tor uses connection padding. Maybe your information is out of date?
> Nah. Tor uses some kind of limited padding,
It's designed so that routers which are configured to report per-flow totals on an entry node's traffic will aggregate more packets into the reported per-flow session totals.

Marginally effective in the short term if the attacker is using per-flow logging data, but less effective against long-term correlation attacks and near-useless if the traffic data used isn't aggregated, as might be collected by GCHQ or (I'd expect) NSA in a packet-logging rather than per-flow-logging configuration.

Afaik all backbone routers can be configured for packet or per-flow logging. Per-flow logging is used by ISPs to improve service and per-flow log storage is cheaper than packet-log log storage, so it is used more. But I expect the big boys, NSA, GCHQ etc, can get packet logs whenever they want them. Especially if it's only for a goodly proportion of the few thousand Tor entry and exit nodes.

Against the elephant? Tor's padding is totally useless.

Peter Fairbrother
> Tor uses some kind of limited padding,
Tor Project Inc added netflow padding after someone started posting on netflow, general TA, and Sybil problems. Then TPI censored, banned, and booted them out after they kept publicly posting about TA and other insidious and inconvenient problems such as Sybil. Now with Sybil, like before with padding, they never credit mention the poster's work, and try to phrase claim that TPI was the natural origin self impetus source to do the pad and Sybil just at those moments in time, when they had decades to do that since they knew the weaknesses since decades... No, they were just getting exposed is why... lol. Just like their netflow padding doesn't do much, neither does their current Sybil proposal. Some interest in real security surely exists, but it definitely gets distracted by $ponsors who pay for other things, all to half of said money for decades has been from Government, which many define as a problematic source of conflictive influencing.
> Afaik all backbone routers can be configured for packet or per-flow
At high line rates it takes serious HW to do full spyveillance capture or flows, sampled and aggregated flows are common for ISP service when those aren't needed.
> can get packet logs whenever they want them.
They can "get" them, but there's no need to go external for that when they can just troll the output of their own private TOP-SECRET FVEY taps that feed into their global internet buffers at Bluffdale and elsewhere. Same for what they get from their Corp-is-aware feeds obtained under different "authorities".
> Against the elephant? Tor's padding is totally useless.
Not only the elephants anymore. Netflow traditionally a quaint thing used by ISPs and LEAs to match up endpoints, subpoenas, abuse, bots, traffic stats, etc... it can work to some percent to follow some tor traffic cases, but it isn't a generalized form of TA. Today really anyone with a brain and some code can begin to general TA characterize streams of bytes counting and timing over various size windows, and hunt for that pattern where it also appeared on their other boxes. Good luck trying to make a factor of defense improvement against general TA without trying a fulltime enforced and reclocked base layer of dynamic chaff. Submit papers for acceptance into tor alternatives :)

"Tor Stinks -- NSA"
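The per-flow aggregation that Peter Fairbrother's message describes can be shown with a toy flow exporter. This is an added example, not code from any poster in this thread or from the Tor Project; the 15 s inactive timeout, 5 s padding interval, 512-byte padding size and the sample traffic are all constructed assumptions.

```python
# Added illustration: a toy flow exporter with an inactive timeout.
# Every number below is a constructed assumption, not a Tor or router value.
INACTIVE_TIMEOUT = 15.0   # exporter closes a flow after this idle gap (seconds)
MAX_IDLE = 5.0            # padding fills any idle gap longer than this (seconds)
PAD_BYTES = 512           # size of one padding packet

def flow_records(packets, timeout=INACTIVE_TIMEOUT):
    """Aggregate (time, bytes) packets into (start, end, packets, bytes) records.
    A new record starts when the gap since the last packet exceeds the timeout."""
    records = []
    for t, size in sorted(packets):
        if records and t - records[-1][1] <= timeout:
            start, _, n, total = records[-1]
            records[-1] = (start, t, n + 1, total + size)
        else:
            records.append((t, t, 1, size))
    return records

def add_padding(packets, max_idle=MAX_IDLE, pad_bytes=PAD_BYTES):
    """Insert a padding packet whenever the link would stay idle > max_idle."""
    out, prev = [], None
    for t, size in sorted(packets):
        while prev is not None and t - prev > max_idle:
            prev += max_idle
            out.append((prev, pad_bytes))
        out.append((t, size))
        prev = t
    return out

def bytes_per_window(packets, window=10.0):
    """Packet-level view: bytes observed in each fixed time window."""
    bins = {}
    for t, size in packets:
        key = int(t // window)
        bins[key] = bins.get(key, 0) + size
    return bins

# Constructed sample: three bursts of activity separated by long idle gaps.
SAMPLE = [(0.0, 3000), (1.0, 42000), (2.0, 9000),
          (40.0, 2500), (41.0, 51000),
          (90.0, 4000), (91.0, 30000), (92.0, 8000)]

if __name__ == "__main__":
    print("unpadded flow records:", flow_records(SAMPLE))
    print("padded flow records:  ", flow_records(add_padding(SAMPLE)))
    print("padded packet view:   ", bytes_per_window(add_padding(SAMPLE)))
```

With these constructed inputs the padded connection exports as a single flow record instead of three, while the per-window byte counts from a packet-level log still show the three bursts.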
participants (3)
- grarpamp
- Peter Fairbrother
- Punk-BatSoup-Stasi 2.0