> To correlate Tor traffic you need to control a majority of nodes. If > both Russia and NSA try to control them, both fail. >
In all fairness, AFAIK if someone controls one entry guard and one exit node, they can correlate all traffic that uses those two nodes for entry and exit. If there are roughly 2000 entry guards and 1000 exit nodes on the network and if Tor clients select entry and exit nodes at random, for every server you control, you can correlate roughly 0.00005% of the traffic on the network. Divide that number by roughly seven for hidden "onion" services, since that traffic can use any relay as an "exit" node, and perhaps more than seven if the hidden service disguises itself as a Tor relay so the traffic destination becomes more difficult to determine. See https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack/ : "A traffic confirmation attack is possible when the attacker controls or observes the relays on both ends of a Tor circuit and then compares traffic timing, volume, or other characteristics to conclude that the two relays are indeed on the same circuit. If the first relay in the circuit (called the "entry guard") knows the IP address of the user, and the last relay in the circuit knows the resource or destination she is accessing, then together they can deanonymize her." <https://www.avast.com/?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail> This email has been sent from a virus-free computer protected by Avast. www.avast.com <https://www.avast.com/?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail> <#DDB4FAA8-2DD7-40BB-A1B8-4E2AA1F9FDF2> -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk