On 11/10/2021 04:59, Punk-BatSoup-Stasi 2.0 wrote:
On Mon, 11 Oct 2021 03:18:15 +0000
PrivacyArms <privacya...@protonmail.com> wrote:
Thanks. I will read the linked paper, but Tor uses connection padding. Maybe
your information is out of date?
Nah. Tor uses some kind of limited padding,
It's designed so that routers which are configured to report per-flow
totals on an entry node's traffic will aggregate more packets into the
reported per-flow session totals.
Marginally effective in the short term if the attacker is using per-flow
logging data, but less effective against long-term correlation attacks
and near-useless if the traffic data used isn't aggregated, as might be
collected by GCHQ or (I'd expect) NSA in a packet-logging rather than
per-flow-logging configuration.
Afaik all backbone routers can be configured for packet or per-flow
logging. Per-flow logging is used by ISPs to improve service and
per-flow log storage is cheaper than packet-log log storage, so it is
used more.
But I expect the big boys, NSA, GCHQ etc, can get packet logs whenever
they want them. Especially if it's only for a goodly proportion of the
few thousand Tor entry and exit nodes.
Against the elephant? Tor's padding is totally useless.
Peter Fairbrother
