German data rentention law
Sven Anderson
sven at anderson.de
Sun Oct 19 00:30:32 UTC 2008
Am 18.10.2008 um 22:13 schrieb Roger Dingledine:
> 2) Maybe, consider starting circuits unpredictably before we want to
> attach a stream to them (we already mostly do that, since we build
> circuits preemptively), and closing circuits unpredictably after we
> are
> done using them. The idea there is to make the TCP connection logs at
> ISPs not correlate with when a given Tor stream started or stopped.
> I say
> "maybe" because it's far from clear that all ISPs will be forced to
> log
> TCP connection start and stop timestamps.
Wait, ISPs will _not_ log TCP connections (in general). Do you have
any reference for that assumption? All sources I know don't let any
doubt that ISPs will _only_ keep data, which they log anyways, that is
which IP has been assigned to which user at which time. And even this
information has to be deleted immediately after the internet
connection (access, not TCP!), if it is not necessary for billing
(flat rate contracts). This has been confirmed by German courts
already. And this is in clear contradiction to the new data retention
law. So it will be very interesting how this will continue, since it
is assumed by many, that the data retention law violates the German
constitution.
> point. According to our research if an attacker manages to get data
> from
> both sides, this appears sufficient for linking the user to the
> website.
According to Raccoons calculations some weeks ago this isn't so easy
as it seems. Did you do experiments in the real Tor network?
Regards,
Sven
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2415 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20081019/02328118/attachment.bin>
More information about the tor-talk
mailing list