Tor history and technology, was Re: Dishonest Tor relay math question

Mon Jun 5 14:45:09 PDT 2023

Even if it is an old discussion, it isn't going away. And no, snailmail 
expectations and constant bandwidth do not make it all just work. The 
web is not snailmail.

Also you missed the first line of my post:
[...] "The problem is user expectations, or perhaps perceptions of user 
expectations."

While I doubt many people would consider a couple of days a suitable 
response time for a web browser in an online world (except perhaps 
complaints departments), some others might, and it is often what you are 
used to.

Whether the theory/code creators were right in assuming that 5 seconds 
was necessary - well it's either 5 seconds or much longer and more 
covertraffic for real anonymity.

But TOR was supposed to be a web browser, and long response times are 
not part of that world.

TOR however took up much of the interest in anonymous communications, to 
the detriment of other options like Mixminion and the later ones.

As far as the NSA was/is concerned, the situation now is perfect - 'most 
everybody uses a system which we can break and most other people can't. 
I'm not saying that the NSA actually thought that, and arranged the 
government finance for TOR, but if I had been at NSA that's what I would 
have done.

As to constant bandwidth/covertraffic, that is expensive even today. For 
constant bandwidth to get a 5 second response time for a smallish say 
3MB web page you need to have 3 MB of covertraffic every 5 seconds, or 
50GB per day, per link. Ouch.

Peter Fairbrother

On 05/06/2023 16:35, Undescribed Horrific Abuse, One Victim & Survivor 
of Many wrote:
>> At one of the PET workshops {these discussed much of the academic
>> background to the technology behind TOR, Mixminion etc} someone
>> presented a paper on how long a user would wait for a reply to a web
>> request. Up jumps an attendee who says he and some colleagues had
>> already done a paper on this, and the answer was 5 seconds. Ooops.
>>
>> Now for a 5 second maximum response time it is technologically
>> infeasable to implement an untrusted onion network which resists attack
>> by a global persistent threat like the NSA or GCHQ.The APT just
>> temporally correlates data exiting the endpoints.
>>
>> The network can introduce timing jitter and packet size standardisation
>> or variation in order to make this harder, but with cost-limited dummy
>> traffic and a maximum 5 seconds response time it can't reliably stop it.
>>
>> It cain't be done.
> 
> This is such an old discussion that I am also not up to date on, but I
> don't see why snail mail and constant bandwidth were not effective
> counterarguments to user expectations and timing correlation.