Dishonest Tor relay math question - tor-talk is to lazy
grarpamp
grarpamp at gmail.com
Sat Oct 16 13:02:46 PDT 2021
On 10/16/21, Peter Fairbrother <peter at tsto.co.uk> wrote:
> except an observer can see when you are sending real
> traffic, somewhere within the burst. And maybe correlate that with some
> other network i/o
No, all a network tap can see is that you are moving
encrypted packets, they can't see inside them as to
chaff/wheat/content, can't time count or characterize
match them with any other node's traffic or perturb you
across the cloud because you've already negotiated strict
perform-or-die link contracts out your NIC with all your
nexthop nodes, and them out their own NIC to their peers
thus breaking discoverable network ripples ("bursts"), etc.
> assuming there is some other traffic on the network,
> how does the attacker know that A's solitary traffic is to onoin1 and
> not to someone else?
Doesn't matter if or where the rest of the net is saturated,
only A and onion1 need matched up, and if you're not doing
fulltime TA defenses then opportunities will exist to match,
so they tap A, run or tap onion1... including just tapping as
much net as they can from any sufficient vantage points such
as Tier-N ISPs, cablecorp landings, top secret cable taps...
dump all the nodes traffic into the pattern matcher, run matches
lining up all the bursts bumps waves megabytes jitters mouseclicks
sessions coffee breaks etc that they can see, game over.
As NSA said, you're probably not going to deanon
every stream every time upon demand, but...
- You don't have to, users will emit more chances for you.
- Matching engines software and hardware have advanced light
years ahead of where they were 10++ years ago when
those slides were generated, while tor has remained static [1].
The Tor Project and its people knew of the traffic analysis problem
since day one 20+ years ago, and have done almost nothing
since then to attempt to defeat it to any magnitude of reduction, and
have refused to prominently disclaim the problem to their funders
and users, instead choosing to bury it, taking down such warnings
and "bricking up" and censoring all their public comms channels
against such embarassing truths and points of consideration.
That's fraudulent, dispicable, hypocritical, stifling development, etc.
You decide.
But most importantly, and eventually, if not already, some
unsuspecting users who were tricked into buying the
glossy sales flyers are going to get fucked by it.
[1] More or less same for most nets in current use, and nets in R&D,
but subject is about big whale Tor, and its influence on the space.
More information about the cypherpunks
mailing list