Hi! On Sat, Aug 15, 2009 at 09:09:52PM -0400, Ringo wrote: >"Cover traffic is only there if the tor instance(s) also run as relay."
>I was talking about clients, not servers just to clarify. If multiple >Tor instances are running in client mode (or even in one instance, if >there's a lot of traffic), it becomes harder to do traffic analysis and >pin one circuit to one user. >Am I mistaken in that conclusion? I think you are indeed. If you run the instances as client only, there's no cover traffic, just the traffic of the different users. If you run separate tor instances, their circuits (first hop) are necessarily on different TCP connections, so their different usage patterns will show separately. If you run one tor instance for all users, they might use the same entry guard together, multiplexing the different usages onto one TCP connection to the same entry guard. That hides the usage patterns by adding them together, IMO. The second hop then might split up or not, depending on needs, and even more so the third hop (from the second to the exit node, where the dependency on the exit policies comes to play a role). I don't know/remember whether tor relays in turn multiplex traffic "received" from different clients together for the next hop if possible (i.e. different clients using the same entry guard and the same second hop, mixing/multiplexing that traffic onto the same TCP connection). If so that would yield even more anonymity, but only if the different users use the same second hop at the same time (and switching over to different circuits at the same time). Kind regards, Hannah.