Tor (and other nets) probably screwed by Traffic Analysis by now

grarpamp grarpamp at gmail.com
Thu Jun 2 22:07:23 PDT 2016


On 6/2/16, Georgi Guninski <guninski at guninski.com> wrote:
> On Thu, Jun 02, 2016 at 12:13:10AM -0400, grarpamp wrote:
>> deanonymise Tor users by examining the timing of connections going in
>> and out of the Tor network.
>> ...
>
> isn't this well known, especially if they inject delays in suspects (or
> say districts)?

On global backbones...
Inject / drop / delays require a complete fiber cut and insertion
of active hardware capable of selecting traffic. A carrier that
cares about such things must not ignore their line diagnostics.

If you had insane alien tap tech capable of precise timing,
invading wavelengths, and faster-than-subject-fiber processing
and transmission... dropping could be done without cut by laser
corrupting CRC / addresses with gain hits or losses, whiteout, etc...
injection is similar, delay is drop and injection.

Adversaries couldn't do sneaky blackbag shit to the fiber
if carriers would encrypt all their links, like Google now says
it does internally.

All bets are off if the carrier is a partner with, or under threat of,
adversary... regarding global telecoms (remember Qwest),
this paragraph seems the most likely of all the above.

Continental, regional, district... more or less the same thing.

On the last hop mile RJ-45 of a suspect end user...
child's play, and they're fucked at that point anyways.


