I've been working on some theories I have in regards to isolating traffic to particular regions using only partial views. It should be possible to capture timing information based upon requests made by a logged-on user to a website or hidden service (such as requests for js or css files).

From this a metric can be calculated that indicates a "timing profile" for that particular user. If we have information gathered from machines we control (i.e. we own them, or part of a botnet) that provides metrics of timing information of circuits from machines located in particular areas, we can then compare this against the "timing profile" for our logged-on user. This would provide us with a general location of a user with a certain degree of probability.

Two major aspects control the resolution:

1. The size and density of a given botnet.
2. The number of timing profiles obtained.

We could also change the geographic location of the hidden service periodically, to increase the resolution further.

This is a highly cost-effective attack against TOR and does not require the resources of a government to conduct either.

Has anyone else investigated this approach? If so, what were your results?

Regards,

Mark McCarron

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk