Hidden service persistent connections (Traffic Analysis)

grarpamp grarpamp at gmail.com
Sat May 18 21:49:51 PDT 2019


On 5/17/19, Memory Vandal <memvandal at gmail.com> wrote:
> Are client connections to a hidden service .onion address that do not
> disconnect for hours safe?
>
> It may be a big file download or multiple keep-alive transactions that use
> the established connection over and over for, let's say, a few hours.
>
> If it's not safe then what should be the max time a connection to .onion
> service should get disconnected so that it uses a new circuit when it
> reconnects?

GPA and big global and regional network operators
can pull out traffic patterns. NSA's own slide decks
and papers, as well as academic researchers' whitepapers
in tor bib and elsewhere have confirmed this.

Here are some degenerate traffic patterns...

while : ; do wget onion ; sleep 5 ; done
ping6 -w 5 <onioncat_peer>

Who thinks those are or are not observable?

Now receive or send your real N-GiB file, plot the packet
timings and bandwidth variations going across your nic.
Do not forget the circuit creation wavefront either.

Who thinks those are or are not observable at the
other end (and even throughout in some cases)?

Now add in targeted DoS blinking out nodes.
And add in Sybil.

Who disbelieves those tools are effective?

Who disbelieves "Op Ivy Bells" "641a" "Bumblehive" and "parallel construction"?


Tor and many other overlay networks fail to
deploy traffic fill and regulation, or try traffic
mix and other various means to lessen or
defeat such analysis.

There are a few papers and overlays and hardware
hopefully trying such and other things for the near future.

You can list all the ones you can find here if you want,
and see about creating, running and supporting them too.


Maybe if you adopt true distributed privacy cryptocurrency
instead of central fiat shitcoins you can start to put them
spyings and so many other bad things against
humanity into "max defund time" too.

Wake up.
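
Added example, not part of the original post or of any Tor code: it shows why the polling loop above stands out in per-second byte counts, and how the constant-rate traffic fill the post mentions flattens that signal at the cost of padding. The trace is constructed, and the 6 s period (5 s sleep plus about 1 s per fetch), the 40 kB fetch size and the 8000 bytes/s fill rate are assumptions.

```python
import random

def bin_bytes(events, duration, width=1.0):
    """Sum bytes per time bin; events are (timestamp_seconds, byte_count)."""
    bins = [0] * int(duration / width)
    for t, n in events:
        i = int(t / width)
        if 0 <= i < len(bins):
            bins[i] += n
    return bins

def autocorr(series, lag):
    """Normalized autocorrelation at `lag`; 0.0 when the series is flat."""
    mean = sum(series) / len(series)
    var = sum((x - mean) ** 2 for x in series)
    if var == 0:
        return 0.0
    cov = sum((series[i] - mean) * (series[i + lag] - mean)
              for i in range(len(series) - lag))
    return cov / var

def strongest_period(series, max_lag=30):
    """Return (lag, score) for the lag with the highest autocorrelation."""
    scores = {lag: autocorr(series, lag) for lag in range(2, max_lag + 1)}
    best = max(scores, key=scores.get)
    return best, scores[best]

def constant_rate_fill(series, rate):
    """Emit exactly `rate` bytes per bin: queue any excess, pad any shortfall."""
    out, backlog, padding = [], 0, 0
    for real in series:
        backlog += real
        sent = min(backlog, rate)
        backlog -= sent
        padding += rate - sent
        out.append(rate)
    return out, padding, backlog

def constructed_trace(duration=600, period=6.0, seed=1):
    """Constructed sample: one 40 kB fetch every `period` s plus small noise."""
    rng = random.Random(seed)
    events = [(k * period + rng.uniform(0, 0.9), 40_000)
              for k in range(int(duration / period))]
    events += [(rng.uniform(0, duration), rng.randint(100, 600)) for _ in range(200)]
    return bin_bytes(events, duration)

if __name__ == "__main__":
    raw = constructed_trace()
    filled, padding, backlog = constant_rate_fill(raw, rate=8_000)
    print("raw   :", strongest_period(raw))
    print("filled:", strongest_period(filled), "padding bytes:", padding)
```

The fill only hides the pattern while the fixed rate stays above the average real demand; below that, the backlog grows without bound.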

