Once again: Tor timing attacks and a Tor confession

grarpamp grarpamp at gmail.com
Tue Mar 1 00:15:44 PST 2016


On 3/1/16, Georgi Guninski <guninski at guninski.com> wrote:
> Is jitter/fill traffic full solution?

Again, to what threat model?

I've only mentioned GPA, fix for which may involve, at possible minimum,
all nodes encrypting full fill traffic reclocked with jitter, under
some form of negotiated and enforced possibly dynamic traffic
contracts with peers.

I may also be on crack.

> What if they disrupt or slow X times your traffic to Tor?

That's an active attack, not a GPA trolling through packets.

Then your peers may de-peer you until things look normal.
Or it may take a while for you to get signal through.

And if they're already close enough to disrupt you
specifically, you've probably got other problems.

> This will be observable at the other end.

Not when every node is doing reclocking and de-peering
peers that seem to be misbehaving or dishonoring contracts.

> Probably easier is to just own me via some application
> sploit (as suggested in this thread).

Again, that's active, and application level, not GPA.

> RE:  cost of ownage/minor offenses.
> Don't exclude the possibility single investment to result
> in compromise of all of Tor and then deanonymizing will
> be just a simple query.

You mean like rooting a bunch of Linux nodes, 6+:1 ratio ...

6831 Linux
 696 Windows
 291 FreeBSD
  74 OpenBSD
  33 Darwin
   8 NetBSD
   4 ElectroBSD
   4 Bitrig
   3 SunOS
   2 DragonFly
   1 GNU/kFreeBSD
   1 CYGWIN_NT-10.0-WOW

Or compromising the repo or developers or 3rd party libraries...

Or asking your friends AT&T et al to help...

What's the threat?

>  "NSA can deanonymize some Tor users ...

Again, talk about whatever, but people need to specify the
threat model if they're going to really discuss solutions.

Nor is Tor the only active network currently subject to attack.

> This is consistent with the fate of Lulzsec.
> According to the official story (which I don't believe),
> the first of them got caught because "he forgot to use
> tor when on irc..."

Do they and their court docs officially say that?
Or just some blogger reading 4chan?


