On So, Jul 07 2013, Christian Sturm wrote: > [...] > Lets pretend you want to make a connection to a US server. Your connection > starts at the client side, so your computer, where it will be encrypted before > it goes through Tor relays. Now given your Tor exit relay is in the US and > your (probably unencrypted) traffic really leaves the network there Tor just > provided you with an anonymizing, encrypting tunnel through those tapped IXs.
What I’m worrying about is the following: My encrypted traffic is stored at the tapped IX, say the NSA does that. The NSA also observes the traffic from the Tor exit to the US server. As pointed out in the FAQ [1], Tor fails now, as they may perform a correlation analysis to figure out that the connection to the US server was coming from me. (As Mike Perry pointed out [2]: The Raccoon showed that such correlation suffers from the base rate fallacy. Thus, correlation might not be as simple as suggested by the FAQ and assumed in several papers. He also pointed to other attacks into which I did not look yet.) Best wishes Jens Footnotes: [1] https://www.torproject.org/docs/faq.html.en#EntryGuards [2] https://lists.torproject.org/pipermail/tor-talk/2013-July/ _______________________________________________ tor-talk mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
