--- On Tue, 8/3/10, John Case <c...@sdf.lonestar.org> wrote: > On Tue, 3 Aug 2010, Martin Fick wrote: > > >> So ... if I've got a 5 or 10 mbps exit node with a > >> healthy > >> list of connections, can I use lynx locally to > >> browse anonymously ? > > > > > > I suspect that latencies would strongly differentiate your > > traffic from regular tor exit node traffic. Also, while > > you may have a decent amount of tor bandwidth, how much of > > that bandwidth can actually be used by an individual tor > > user? Individual tor users going through at least 2 > > other nodes before yours may still be severely BW limited > > before reaching your exit node. If your traffic is not > > so BW limited, it will likely stand out again. > > > Ok, I'd like to address both cases... > > There's really no way they could see latency unless they > had compromised the system itself.
What about ACKs in a TCP stream? What about application level responses? If I know the site being visited, and I know that loading a certain web page has certain images in it, wouldn't it be fairly easy to identify when the latency is really low if some of those images on the page are requested very soon after the HTML is downloaded? You have used tor, haven't you? :) You do realise how bad the latencies can be? > As for the speed, that may be the case, but I don't think > it's _necessarily_ the case. Well, of course, I didn't say it was nec. the case, but I sure would be concerned about it if you take your anonymity seriously. > That is, it might look > interesting that particular connections were high bandwidth, If I can monitor your incoming traffic and determine which middle nodes are connected to you, shouldn't I be able to get a fairly good idea on the maximum BW of each since it is advertised? If not a single middle node can match your output BW, it's a sure bet it is not tor BW! Now, let's suppose that only one middle node can match your output BW, it might be fairly easy to determine that this node is not currently transmitting to you at the BW of your output, again, foiled. In fact, if I can simply monitor every single input stream to your node, I can tell if any single one is large enough to match your output BW, if not... This all seems pretty easy if I only have to observe your node. > but is there anything implied literally in the code that > would preclude that ? No idea, -Martin *********************************************************************** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talk in the body. http://archives.seul.org/or/talk/