Once again: Tor timing attacks and a Tor confession

Georgi Guninski guninski at guninski.com
Sun Feb 28 23:46:56 PST 2016

Searching the web for "tor timing attacks" (without quotes)
returns too many hits.

Short summary and PoC is at [1].

At [2] Tor (and/or DoD) confess:

> The Tor design doesn't try to protect against an attacker who can see
> or measure both traffic going into the Tor network and also traffic
> coming out of the Tor network.

NSA and the like  definitely can "see" traffic almost everywhere,
so Tor doesn't protect against the NSA, right? (some people learnt
this the hard way).

IMHO the first fucking thing Tor must do is to make the user click
at least three times on the above disclaimer.

Trying to make the rant on topic:

Is it theoretically possible at all to make low latency anonymity
of sufficiently decent quality?

[1] http://seclists.org/fulldisclosure/2014/Mar/414
PoC: End-to-end correlation for Tor connections using an active timing
[2] https://blog.torproject.org/blog/one-cell-enough

More information about the cypherpunks mailing list