[tor-talk] de-anonymization by correlating circuit changes
bemoo129 at hushmail.com
bemoo129 at hushmail.com
Sat Aug 20 15:18:38 UTC 2011
Okay, but my question was, how traffic could be correlated if the
atttacker has traffic-logs from all servers a possible user could
use (e.g. all server operated by one provider/in one country) - but
he does not know the user himself.
So, he could follow the tcp-stream,i think: At first, he examines
the log of the exit-node, an he detects, that there is some
specific traffic ingoing and ountgoing at the same time. And then,
he follows this stream through the other relays...
More information about the tor-talk
mailing list