[tor-talk] End-to-end correlation for fun and profit

Maxim Kammerer mk at dee.su
Tue Aug 21 18:42:35 PDT 2012


On Wed, Aug 22, 2012 at 3:29 AM, Ted Smith <tedks at riseup.net> wrote:
> I ran this script on the current consensus. The full results (the
> nodes-sniff-summary file) are below my signature. How did you compile
> the country-codes to IPs list? That wasn't produced by the script.

Manually, using WHOIS and traceroute. This can be done automatically
using GeoIP, but I wanted to be sure in the results (also visited some
hosting sites), and writing a proper program would deviate too much
from the initially intended “quick hack” design.

> It's comforting that this approach yields quickly diminishing returns.
> Going from 25 to 60 networks only gets you a 10% increase in network
> surveillance (if I'm reading the output correctly), and returns plateau
> entirely at that point (I'm considering about two percent to be in the
> noise, which may not be appropriate to this domain).

That's why I insist that everyone should be a relay by default, even
if there are some theoretical issues that weren't worked out yet [1].
Making everyone a relay also results in a healthier user community (I
think I2P is one), and more intrinsic network growth.

> Also, it's not immediately clear whether eavesdropping those networks
> would actually get you strong enough correlation to accurately
> de-anonymize users[1]. If our rodent(?) friend(s?) could comment on
> this, I'd appreciate their expertise.

Quoting [2] (referenced by fakefake): “Tor has been long suspected,
and later confirmed [11,12], to be vulnerable to an attacker who could
observe both the entry and exit point of a connection through an
anonymity network.”

> I also think that if it were possible for "unsophisticated law
> enforcement" to deanonymize Tor users, they would already do it. If I
> remember correctly, the Tor project gets a lot of requests from law
> enforcement to deanonymize Tor users for them, which indicates that they
> can't do it themselves (Andrew Lewman would be able to say if I'm
> correct or not).

Well, it of course depends on what one calls “unsophisticated”. E.g.,
if one judges by IACIS email dump [3], then most investigators hardly
understand what they are doing when it comes to unfamiliar
technologies (like Tor). So maybe you need them to be “sophisticated”,
after all, but my point was that you don't need something exceptional
like involving state security agencies – i.e., FBI + UK Police + DE
Police + a couple of other countries, coordinating via Interpol does
not sound impossible to me. I will also expand on that in a reply to
Roger.

[1] https://www.torproject.org/docs/faq#EverybodyARelay
[2] http://petworkshop.org/2007/papers/PET2007_preproc_Sampled_traffic.pdf
[3] http://www.theregister.co.uk/2011/11/25/anon_cybercrime_investigator_leak/

-- 
Maxim Kammerer
Liberté Linux: http://dee.su/liberte
_______________________________________________
tor-talk mailing list
tor-talk at lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
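The two threads of the exchange above, the diminishing returns of watching more networks and the argument that everyone should run a relay, can both be checked with a small bandwidth-weighting model. The following is an added example, not Ted's script nor anything from the Tor project; the relay list is constructed, the "network" field stands in for whatever WHOIS/traceroute/GeoIP resolved a relay's address to, and entry and exit are drawn independently in proportion to consensus bandwidth (a simplification that ignores Tor's same-family and same-/16 exclusions).

```python
"""Estimate what share of circuits has both its entry and its exit inside
the k largest networks, and how that share changes when many small relays
are added across new networks. Added example; all relay data is constructed."""
from collections import defaultdict
from dataclasses import dataclass
from fractions import Fraction


@dataclass(frozen=True)
class Relay:
    nickname: str
    network: str      # hosting network / AS the address resolved to (assumed already mapped)
    bandwidth: int    # consensus bandwidth weight, arbitrary units
    guard: bool       # may be chosen as entry
    exit: bool        # may be chosen as exit


# Constructed sample "consensus" (not a real one): five networks, nine relays.
SAMPLE_RELAYS = [
    Relay("r1", "A", 1000, True, True),
    Relay("r2", "A", 500, True, False),
    Relay("r3", "B", 800, False, True),
    Relay("r4", "B", 300, True, False),
    Relay("r5", "C", 400, True, True),
    Relay("r6", "D", 200, True, False),
    Relay("r7", "D", 100, False, True),
    Relay("r8", "E", 100, True, False),
    Relay("r9", "E", 100, False, False),   # middle-only relay, never at either end
]


def _role_weights(relays, role):
    """Bandwidth per network for relays eligible for the given role ('guard' or 'exit')."""
    weights = defaultdict(int)
    for r in relays:
        if getattr(r, role):
            weights[r.network] += r.bandwidth
    return weights


def rank_networks(relays):
    """Networks ordered by the guard+exit bandwidth they host, largest first."""
    g, e = _role_weights(relays, "guard"), _role_weights(relays, "exit")
    nets = set(g) | set(e)
    return sorted(nets, key=lambda n: (-(g[n] + e[n]), n))


def observable_fraction(relays, watched):
    """Share of circuits whose entry and exit both fall inside the 'watched' networks.

    Entry and exit are drawn bandwidth-weighted and independently of each other,
    so the result is P(entry in watched) * P(exit in watched)."""
    g, e = _role_weights(relays, "guard"), _role_weights(relays, "exit")
    p_guard = Fraction(sum(g[n] for n in watched), sum(g.values()))
    p_exit = Fraction(sum(e[n] for n in watched), sum(e.values()))
    return p_guard * p_exit


def coverage_curve(relays):
    """[(k, fraction)] for the top-k networks, k = 1 .. number of networks."""
    ranked = rank_networks(relays)
    return [(k, observable_fraction(relays, set(ranked[:k])))
            for k in range(1, len(ranked) + 1)]


def add_volunteer_relays(relays, count, bandwidth):
    """Model 'everyone is a relay': add small guard-only relays, each on its own
    (hypothetical) home network, so entry bandwidth is spread more widely."""
    extra = [Relay(f"home{i}", f"home-net-{i}", bandwidth, True, False)
             for i in range(count)]
    return list(relays) + extra


if __name__ == "__main__":
    for k, frac in coverage_curve(SAMPLE_RELAYS):
        print(f"top {k} networks observe both ends of {float(frac):.1%} of circuits")
    grown = add_volunteer_relays(SAMPLE_RELAYS, 20, 50)
    top1 = {rank_networks(SAMPLE_RELAYS)[0]}
    print(f"largest network alone, before: {float(observable_fraction(SAMPLE_RELAYS, top1)):.1%}, "
          f"after adding 20 small relays: {float(observable_fraction(grown, top1)):.1%}")
```

With the constructed data the curve climbs steeply for the first few networks and flattens once the big hosting networks are covered, which is the plateau Ted read off the real output; adding twenty small home relays on distinct networks pulls the largest network's share of entries down without touching exit bandwidth, which is the effect the everybody-a-relay argument relies on. Running it against a real consensus would only require building the `Relay` list from the consensus entries and a network mapping of your own.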

----- End forwarded message -----
-- 
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE