-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Let's assume that a global adversary sets up (or seizes) a hidden service with illegal content and wants to deanonymize users who download this content from this service.
Users are educated, use only trusted, newest software and have all plugins disabled. We all know about traffic correlation attacks. But let's take it further. Let's set up a service in a way that it will modulate the traffic, so the download would look like: Few seconds - maximum traffic speed Few seconds - download completely stopped Few seconds - again, maximum traffic speed Few seconds - again, download completely stopped Then, we monitor traffic flowing into various entry nodes (remember we're a global adversary, having direct access to infrastructure around the globe) and spot the traffic that matches our pattern. Traffic fluctuations are normal and common, but fixed sequence of interrupts in proper times is absolutely unique. Seems possible? Seems probable? - -- Oskar Wendel, [email protected] Pubkey: https://pgp.mit.edu/pks/lookup?search=0x6690CC52318DB84C Fingerprint: C8C4 B75C BB72 36FB 94B4 925C 6690 CC52 318D B84C -----BEGIN PGP SIGNATURE----- iQEcBAEBAgAGBQJW7JOxAAoJEGaQzFIxjbhMOKwIALCNpacHME11xF7o3CycaYHv +agBNRmhmsSWlwb5gMs/IIUEOINYD2j5MfK1/SsfKcTqa6UQZsEtwvMRqGbJWO77 hMRaZ3fLSMrvB8fWUSWDTG40rViqNNd5e+hC+aCVpI6FAbHBXmZbIPIgrRo6BXWj AhHb19IvHokYKnDnV02W0UDD6pCXRztEiEDB3cUVzj/MAnPizufxa/lHNH1QsW+C z8ZoifT7Sn6fNDi7qA9B76XcQPbQdQHz+mK8QutgRB9IhN98LAfAzoNM1cUmYLbJ JiO9Hgf6aliwsevX4kDSCGxuhd5nXKw2+VdpjZzIkMzxOY6a7St/CUYSdWrKIQI= =XlNO -----END PGP SIGNATURE----- -- tor-talk mailing list - [email protected] To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
