[tor-dev] Projects to combat/defeat data correlation
Moritz Bartl
moritz at torservers.net
Thu Jan 16 04:02:26 UTC 2014
On 01/16/2014 04:16 AM, Jim Rucker wrote:
> There was a story in the news recently of a Harvard student who used Tor
> to send a bomb threat to Harvard in order to cancel classes so he
> wouldn't have to take a test. He was apprehended within a day, which
> puts into question the anonymity of Tor.
The way I understand it is that they did not exploit a weakness in any
system, they just (more or less) performed regular police work.
See https://www.schneier.com/crypto-gram-1401.html#3
> From my understanding (please correct me if I'm wrong) Tor has a
> weakness in that if someone can monitor data going into the relays and
> going out of the exit nodes then they can defeat the anonymity of tor by
> correlating the size and number of packets being sent to relays and
> comparing those that the packets leaving the exit nodes.
It is not that simple, but in principle you are correct. A good paper to
read about this is http://freehaven.net/anonbib/#ccs2013-usersrouted
See anonbib also for mitigations that were suggested and investigated
over time (which are not that easy either).
--
Moritz Bartl
https://www.torservers.net/
More information about the tor-dev
mailing list