I'll make a simple example to demonstrate the point. Alice lives in country with few Tor users. Let's take Uganda as random example from the Tor metrics page. There are between ~40 and ~120 Tor users per day from that country. [1] Alice likes to read a local forum and she posts in her local dialect.
Behavior A: Alice always starts Tor every day around the time of xx:xx:xx and checks a forum and posts. Behavior B: 1.) Open a Tor connection. 3.) Transfer some cover/dummy traffic. The longer the better? 4.) After some time check doing the stuff. (Ex: check mail, go on irc, post on forum) - Or at some random days, not doing any stuff, supposed to be hidden. 5.) Transfer more cover/dummy traffic. The longer the better? 6.) Close Tor connection. Adversary skills: - Forcing the country's ISP's to log when and for how long someone connects to the Tor network. - Surveillance of the local forum, watching the forum post time stamps. - The adversary compares the time stamp with the the public viewable time stamp of the forum post. - The adversary can watch the amount of encrypted traffic between Alice and the entry guard. Question: Isn't it significantly more difficult for the adversary to find out who is behind Alice's actions, when choosing Behavior B? It gets more difficult than just comparing time stamps? [1] https://metrics.torproject.org/users.html?graph=direct-users&start=2012-10-28&end=2013-01-26&country=ug&events=off#direct-users _______________________________________________ tor-talk mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
