Internet Scale Forensic Traffic Correlation

Rich Jones
Wed Jul 22 09:23:02 PDT 2015

Have we seen any evidence of the ability of the NSA/FIVEEYES to do internet
or national scale retroactive traffic correlation? Not just for Tor exit
nodes, but for any arbitrary connection.

For instance, if I upload a 64.32Kb exploit to a server, and they know
forensically that the exploit arrived at 12:01:01PM, do they have the
capability to see all connections, internet-wide, which sent ~64.32Kb of
data within the previous, say, ~500-2000ms? (A useful capability for
anybody trying van paedos behind 7 proxies, but bad news for hackers,
junkies and other weirdos.)

Technical details around this capability would be very useful for designing
high-latency and chaff-based anonymity tools. Ex, a global chaff network to
cover a given byte-size range, steganographic proxies, etc.

Another one to add to the list of "if you happen to have access access to
the Snowden cache, please set this information free" requests (along with
any info compiler backdoors, KH-13, operating system backdoors, transit
cards, cryptocurrencies, burners, advertising industry partners, Oracle,
Narus, etc etc etc..).

Pretty please, massa Greenwald?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the cypherpunks mailing list