[guardian-dev] 81% of Tor users can be de-anonymised by analysing router information, research indicates

Nathan of Guardian nathan at guardianproject.info
Thu Nov 20 09:21:42 EST 2014



On Thu, Nov 20, 2014, at 08:36 AM, Michael Rogers wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
> 
> On 14/11/14 21:23, Nathan of Guardian wrote:
> > Otherwise, I am all about HIGH-latency anonymity systems these
> > days, so the more we can think about mobile messaging over Tor as a
> > transport for all things, the better!
> 
> I totally agree about the value of high-latency anonymity systems, and
> unsurprisingly I also agree that messaging over Tor is a good idea,
> but I think we should devote some time to working out how the two
> things fit together - maybe try to get the Tor research community
> interested.

Good idea!

> 
> If we simply use Tor as a low-latency transport for asynchronous
> messaging then we're limited to Tor's threat model, i.e. we can't
> prevent traffic confirmation attacks. If we revive one of the
> remailers or build a new system then we're limited to a small number
> of users, i.e. a small anonymity set. So ideally we'd find some way of
> adding high-latency mix-like features to Tor.

How much difference in latency are we talking about? Can we just
introduce some sort of randomness or delay into our existing
stacks/protocols?

> Done right, this could provide a large anonymity set for the
> high-latency users and improve the traffic analysis resistance of Tor
> for the low-latency users at the same time, by providing a pool of
> latency-insensitive traffic to smooth out the bursty low-latency
> traffic between relays.

I think this really makes the case, why a native Tor-based messaging
channel/layer/link/substrate should be implemented.

+n


> 
> Cheers,
> Michael
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.12 (GNU/Linux)
> 
> iQEcBAEBCAAGBQJUbe5GAAoJEBEET9GfxSfMqRwIAInobLfRYgdpMrmXcIT/gKGI
> MaSa2ektfiRSxIHBE/+uQK+pLuIHVpLYSIp0IBS1wHw4LKO0+5JE8bK5UKIV0/KS
> B8tFzOJKogQjMTwQAEpzqjhF6cE5M1FUzlPfO8KXYDa6v10Ipk1scY8o00Yo1v5L
> zr1uCen19/lKLKkc0i1NWxTABomYm7fOt7ud7nbz8dTqjZlS2Aza1ArOX0SSfXsb
> wnB1bM2CU3OKzam0Byx2iR1iv9eOgE1L8epj5T/37HZ2XJgNYHARlhlncLRklJLY
> 47mb6fDxGMjjw2RO0v+RpVnCeztcjgEcedKzlzrr28tukLHR/zwI+x+yoDu00Yw=
> =JudA
> -----END PGP SIGNATURE-----


-- 
  Nathan of Guardian
  nathan at guardianproject.info


More information about the Guardian-dev mailing list