Slashdot Mirror


81% of Tor Users Can Be De-anonymized By Analysing Router Information

An anonymous reader writes: A former researcher at Columbia University's Network Security Lab has conducted research since 2008 indicating that traffic flow software included in network routers, notably Cisco's 'Netflow' package, can be exploited to deanonymize 81.4% of Tor clients. Professor Sambuddho Chakravarty, currently researching Network Anonymity and Privacy at the Indraprastha Institute of Information Technology, uses a technique which injects a repeating traffic pattern into the TCP connection associated with an exit node, and then compares subsequent aberrations in network timing with the traffic flow records generated by Netflow (or equivalent packages from other router manufacturers) to individuate the 'victim' client. In laboratory conditions the success rate of this traffic analysis attack is 100%, with network noise and variations reducing efficiency to 81% in a live Tor environment. Chakravarty says: 'it is not even essential to be a global adversary to launch such traffic analysis attacks. A powerful, yet non-global adversary could use traffic analysis methods [] to determine the various relays participating in a Tor circuit and directly monitor the traffic entering the entry node of the victim connection.'

136 comments

  1. The only solution I can think of by gcnaddict · · Score: 2

    is to maximize bandwidth utilization with junk traffic between all connected nodes, substituting junk data for legitimate data as needed.

    --
    Viable Slashdot alternatives: https://pipedot.org/ and http://soylentnews.org/
    1. Re:The only solution I can think of by Qzukk · · Score: 2

      There's just one problem: responses. If I send data to B and B never sends data back, then that's clearly junk data. If I send data to B and B immediately sends data back then that's clearly junk data unless B is a hidden service. Apply this to every node B talks to (and the nodes they talk to) and it's readily apparent which ones are actually having a conversation.

      --
      If I have been able to see further than others, it is because I bought a pair of binoculars.
    2. Re:The only solution I can think of by fustakrakich · · Score: 1, Troll

      Yep, you can't beat simple traffic analysis. How come we aren't doing more of that on government/corporate communications? I mean, turnabout is fair play, no? We might not know the content of the secret deals they make with the terrorists behind our backs, but we will know when they are talking to each other. Take away their privacy and maybe they'll respect ours.

      --
      “He’s not deformed, he’s just drunk!”
    3. Re:The only solution I can think of by Lunix+Nutcase · · Score: 4, Insightful

      How come we aren't doing more of that on government/corporate communications? I mean, turnabout is fair play, no?

      I don't know. Why are you not doing more of that? Most people are not doing it because they don't want to be sent to prison.

    4. Re:The only solution I can think of by fustakrakich · · Score: 0

      People with the resources (if you get my drift) can conduct passive traffic analysis, and anonymously post the results, and even post them right here. Apparently I'm only pissing into the wind with the suggestion that we defend ourselves against domestic threats...

      --
      “He’s not deformed, he’s just drunk!”
    5. Re:The only solution I can think of by Anonymous Coward · · Score: 0

      The problem is, you're the domestic threat. Don't think anti-government yahoos are some kind of heroes, just because Slashdot has gotten extremely derpy.

    6. Re:The only solution I can think of by Lunix+Nutcase · · Score: 1

      People with the resources (if you get my drift) can conduct passive traffic analysis, and anonymously post the results, and even post them right here.

      Oh I got your drift. You're the same as the people who proclaim from their basements how everyone else should uprise against the government. They, on the other hand, will do nothing but play armchair general.

      Apparently I'm only pissing into the wind with the suggestion that we defend ourselves against domestic threats...

      Yes, you are when you expect everyone else to do the work for you. Get off your fat ass and stop expecting others to do all the work. Then you might see some real change happen.

    7. Re:The only solution I can think of by gcnaddict · · Score: 3, Insightful

      How would you know if B never sends data back? B is sending junk data just as you are. To an outside observer, the amount of throughput by B would never change even if B sends an actual response.

      --
      Viable Slashdot alternatives: https://pipedot.org/ and http://soylentnews.org/
    8. Re:The only solution I can think of by Anonymous Coward · · Score: 0

      Well, as usual you people are full of it. Nothing but assassins accusing the assassin. You actually are the problem. At least I don't reelect crooks into high office, and I do buy my products consciously. Plus I take care of things my way. So keep on yacking asshole.. You can fuck off.

    9. Re:The only solution I can think of by Lunix+Nutcase · · Score: 1

      I'm the problem by telling him to actually do something rather than simply whining that others aren't doing enough?

    10. Re:The only solution I can think of by Anonymous Coward · · Score: 0

      You don't know what the fuck I am doing. I don't discuss my business on public forums. Again, you can fuck off!

    11. Re:The only solution I can think of by Lunix+Nutcase · · Score: 1

      Hahaha. Nice parody. Should have spotted it earlier. Would chuckle again.

    12. Re:The only solution I can think of by Anonymous Coward · · Score: 0

      No parody, bub. You're an asshole to make the assumptions you made. I use my available resources to practice what I preach, and I see all your (editorial) vast resources only used to prop up the empire, with nary the feeblest of resistance. Thank you for giving 95% of our congress back to us. You only make it clear where you really stand...

    13. Re:The only solution I can think of by Lunix+Nutcase · · Score: 1

      Now you're beating this to death and getting boring. Stop when you're ahead next time.

    14. Re:The only solution I can think of by Anonymous Coward · · Score: 0

      Don't sweat a thing you won the internet, regardless of your specious claims against me. The mods have spoken.. Congrats..

    15. Re:The only solution I can think of by Prune · · Score: 2

      Wouldn't adding random timing jitter to the packets deal with the problem without using up more network resources with junk data? As long as the timing noise distribution between routers is not grossly dissimilar, that should work.

      --
      "Politicians and diapers must be changed often, and for the same reason."
    16. Re:The only solution I can think of by Anonymous Coward · · Score: 0

      To fix this you have to fill all the links in the network with fill traffic. This does NOT cause any performance drop because when your traffic needs to get through the links reduce fill traffic by that amount to allow you to pass.

    17. Re:The only solution I can think of by Carnildo · · Score: 3, Informative

      Not really. Random jitter can be dealt with statistically: collect more data, compute the mean, and use the mean where you would have used the exact timing.

      In order to defeat timing analysis through noise injection, you need to introduce a large amount of variation compared to the number of packets being sent; for any realistically-sized data transfer, this requires jitter on the order of minutes to hours.

      --
      "They redundantly repeated themselves over and over again incessantly without end ad infinitum" -- ibid.
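
Added example, not part of any comment in this thread: a small Python simulation of the two defences debated above, constant-rate fill traffic (comments 7 and 16) and random per-packet jitter (comments 15 and 17), as seen by an observer who only gets per-interval packet counts. The square-wave pattern, bin width, rates and all function names are constructed for illustration; this is not the method from the research summarized at the top.

```python
import random
from statistics import mean

# All values below are constructed for illustration.
PERIOD = 20.0       # seconds per on/off cycle of the repeating pattern
DURATION = 300.0    # length of the observation window, seconds
BIN = 5.0           # observer's counting interval, seconds
HIGH, LOW = 40, 5   # packets per second in the "on" and "off" half-cycles


def pattern_send_times():
    """Send times of a flow whose rate follows a repeating square wave."""
    times = []
    for sec in range(int(DURATION)):
        rate = HIGH if (sec % PERIOD) < PERIOD / 2 else LOW
        times.extend(sec + i / rate for i in range(rate))
    return times


def bin_counts(times):
    """Packets per counting interval: all the observer gets to see."""
    counts = [0] * int(DURATION / BIN)
    for t in times:
        idx = int(t // BIN)
        if 0 <= idx < len(counts):
            counts[idx] += 1
    return counts


def pearson(xs, ys):
    """Pearson correlation; 0.0 when either series never varies."""
    mx, my = mean(xs), mean(ys)
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    if vx == 0 or vy == 0:
        return 0.0
    return cov / (vx * vy) ** 0.5


def with_jitter(times, max_delay, rng):
    """Defence A: delay every packet by an independent uniform amount."""
    return [t + rng.uniform(0.0, max_delay) for t in times]


def constant_rate_link(times, cells_per_bin):
    """Defence B: the link always carries cells_per_bin cells per interval.

    Real packets take the place of dummy cells; anything over the link
    rate waits in a backlog for the next interval.
    """
    observed, carried, backlog = [], [], 0
    for n in bin_counts(times):
        backlog += n
        real = min(backlog, cells_per_bin)
        backlog -= real
        carried.append(real)
        observed.append(real + (cells_per_bin - real))  # real + dummy cells
    return observed, carried


def evaluate(seed=1):
    """Correlate what the observer sees with the original pattern (lag 0)."""
    rng = random.Random(seed)
    sent = pattern_send_times()
    reference = bin_counts(sent)
    jitter = {}
    for max_delay in (0.5, 2.0, 5.0, 20.0):
        seen = bin_counts(with_jitter(sent, max_delay, rng))
        jitter[max_delay] = pearson(reference, seen)
    observed, carried = constant_rate_link(sent, cells_per_bin=250)
    return {
        "jitter": jitter,
        "padding": pearson(reference, observed),
        "carried": sum(carried),
    }


if __name__ == "__main__":
    result = evaluate()
    for max_delay, r in result["jitter"].items():
        print(f"jitter up to {max_delay:>4}s  correlation {r:+.3f}")
    print(f"constant-rate link    correlation {result['padding']:+.3f}")
    print(f"real packets carried by padded link: {result['carried']}")
```

In this toy model the correlation only collapses when the jitter is as long as the pattern's own period, or when the link volume never varies; the numbers say nothing about the live Tor network.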
    18. Re:The only solution I can think of by ColdWetDog · · Score: 1

      APK, is that you?

      --
      Faster! Faster! Faster would be better!
    19. Re:The only solution I can think of by Anonymous Coward · · Score: 0

      History shows otherwise. There hasn't been a single government throughout history that never abused its people in horrendous ways. If you're not extremely cautious of everything the government does, then you're part of the problem.

      The real domestic threats are those trying to infringe upon our fundamental liberties. Like all the pieces of garbage who allowed the NSA to conduct mass surveillance.

    20. Re:The only solution I can think of by Anonymous Coward · · Score: 0

      One could say he has at least put forth an idea, and you have merely blamed him for shifting risk to others. However, one would be overlooking the fact that it does not matter much whether the suggestion is cowardly. I think what's worth discussing is whether it's a good idea. So, what was that idea then...

      fustakrakich:
      > People with the resources (if you get my drift) can conduct passive traffic analysis, and anonymously post the results, and even post them right here.

      I'm not sure everyone gets your drift. It might help to clarify. (Maybe it's obvious to someone else.)

      So, pending that ... is it a good idea for [someone] to perform passive analysis for active attacks potentially attributable to governments and/or corporations? Or is it not? More granular answers are also allowed.

    21. Re:The only solution I can think of by Anonymous Coward · · Score: 0

      No, this ain't apk... The guy's an asshole. I suggest a course of action and the dope assumes I'm doing nothing.. Fuck him...

    22. Re:The only solution I can think of by Anonymous Coward · · Score: 0

      This is where I2P's model is superior, as being based on DHT rather than TOR's onion routing, it becomes a lot harder to try to do traffic analysis as a means of deanonymization. Of course, it's a different project with quite different goals, but especially in these troubled days for Tor, it's definitely worth a bit more attention in my humble opinion. That it also works with bittorrent, rather than being broken by it, is also a perk for some.

    23. Re:The only solution I can think of by Anonymous Coward · · Score: 0

      Anti-government folks aren't necessarily heroes, but when it's a matter of resisting unconstitutional practices by a government that views itself as above the very law that brought it into being, I'd have to say some credit has to be given. Heroes, perhaps not...simply people doing their civic duty to wield the authority protected by the Constitution to keep the government in check.

      And before anyone brings up the notion that the Constitution is just out of date and should for some reason be ignored, that's a steaming load of horse shit. Amended, or even completely rewritten/ratified perhaps, but a Constitutional Republic without a Constitution is simply a matter of those with power exploiting those without it.

    24. Re:The only solution I can think of by Anonymous Coward · · Score: 0

      As well as each node use a different encryption key, each TOR node could use a different random distribution for changing the traffic pattern (buffer/split packets) and eventually change this distribution over time. In this case, a simple average would not be enough to compare the victim traffic to the output node traffic.

  2. Dear Tor users: by NoNonAlphaCharsHere · · Score: 5, Insightful

    By "can be" De-anonymized, we mean "have been".

    Sincerely,
    The NSA

    1. Re:Dear Tor users: by fustakrakich · · Score: 1

      A long time ago. Tor does not blend!

      --
      “He’s not deformed, he’s just drunk!”
    2. Re:Dear Tor users: by Anonymous Coward · · Score: 3, Insightful

      This is *years* old news, with many papers on the subject. Anyone who thought TOR was secure was wildly misinformed by the media, including slashdot.

    3. Re:Dear Tor users: by Anonymous Coward · · Score: 0

      great, can you pick up the RSA keys for my cryptowalled data now?

    4. Re:Dear Tor users: by nofare · · Score: 0

      Remember, always, that TOR gets a significant amount of its funding from the US government. The TOR top people get a significant amount of their money for the US government. TOR is not an open-project. http://pando.com/2014/07/16/to... http://pando.com/2014/11/14/to...

    5. Re:Dear Tor users: by Anonymous Coward · · Score: 0

      As a kind of internet politician, I can vouch for the efficacy of TOR. It DOES help. A Lot.

  3. Can't be true by HornWumpus · · Score: 2, Insightful

    I've been repeatedly told I was paranoid regarding TOR traffic analysis by the /. hive mind. So this can't be true.

    --
    John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
    1. Re:Can't be true by Anonymous Coward · · Score: 0

      Look, an 81% claim is quite nice as true positive rate. But they don't list the false positive rate. Which seems to be pretty big. Think of it like this, if I call everybody in the world a tor user, I have a 100% tor user detection rate. But my false positive rate makes this pretty much useless. These things often look better in the papers than they work in real life. There is certainly cause to be careful with tor, it is as of yet unknown that in any investigation, tor itself has been the weak point, so there are a lot of other things to take care about before worrying too much that tor is vulnerable.

    2. Re:Can't be true by Anonymous Coward · · Score: 1

      I've been posting it ever since the tormail take down and I posted it since the silk road takedown, and so on. PRISM's metadata collection is precisely what this article is talking about: timestamped lists of what computer talked to what computer for how long with how much data.

    3. Re:Can't be true by HornWumpus · · Score: 5, Interesting

      Can you say 'parallel construction'? I thought you could.

      There is a lot of evidence the TOR is simply a honey-pot.

      False positives are easily dealt with when a user generates traffic for any sort of period of time.

      --
      John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
    4. Re:Can't be true by fustakrakich · · Score: 2

      There is a lot of evidence the TOR is simply a honey-pot.

      Yeah.. I don't get it. It is absolutely ludicrous to think the government is going to offer up secure technology that it can't circumvent to its enemies (the American public).

      --
      “He’s not deformed, he’s just drunk!”
    5. Re:Can't be true by brunes69 · · Score: 1

      You are still being paranoid.

      Just because something is theoretically possible in lab conditions does not mean that anyone in the real world is actually doing it. The FBI doesn't even have the resources to do something trivial like brute force an iPhone 4 digit pass-code, you think they or the NSA have the resources to do this on any kind of real scale?

      Despite what urban myths are out there, the NSA uses relatively simple means to do 99% of their spying and traffic interception.

    6. Re:Can't be true by Anonymous Coward · · Score: 0

      Nice try, NSA.

    7. Re:Can't be true by gstoddart · · Score: 2

      Despite what urban myths are out there, the NSA uses relatively simple means to do 99% of their spying and traffic interception.

      Which doesn't mean they don't also have massively expensive and complicated means to do the rest.

      That last 1% is likely pretty high value.

      Really, at this point, I don't think paranoid fears about what the spy agencies are doing come even close to reality.

      Things which we all "knew" 5-10 years ago to be completely impossible are being revealed as already happening.

      They're not superhumans, but they have massive resources and funding (not all of which comes from the government).

      So, yes, some of us are still being paranoid. But that doesn't mean that we're not right.

      --
      Lost at C:>. Found at C.
    8. Re:Can't be true by Anonymous Coward · · Score: 0

      There is a lot of evidence the TOR is simply a honey-pot.
      Go on.....

    9. Re:Can't be true by Anonymous Coward · · Score: 0

      So, yes, some of us are still being paranoid. But that doesn't mean that we're not right.

      Spoken like a true paranoid. Until something is proven false treat it as if proven true. And make sure the bar to prove false is set to between difficult and absurd. Living like that might help keep you safe, but that is a rather small cocoon you are forcing yourself to live in, and it still has holes.

    10. Re:Can't be true by HornWumpus · · Score: 3, Insightful

      Chesters, Silk Road #1, Silk road #2...More to come.

      --
      John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
    11. Re:Can't be true by HornWumpus · · Score: 1

      Are you kidding me? Name one 'service' on TOR that has been up for long enough to get attention and not been busted?

      Traffic analysis is understood. The mechanics of TOR are understood. The ownership of those TOR nodes that generate six figure monthly bandwidth bills is _not_ understood but assumed to be NSA.

      Two technical facts, one implausible data point and one suspicious history.

      --
      John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
    12. Re:Can't be true by gstoddart · · Score: 5, Insightful

      "So, yes, some of us are still being paranoid. But that doesn't mean that we're not right."

      Spoken like a true paranoid.

      Why, thank you. That's the nicest thing anybody has said to me all week.

      Look, if the reality wasn't that the surveillance programs in place are far more invasive, sophisticated, and all encompassing than we've ever thought possible, I would happily be a slightly paranoid guy in the corner tilting at windmills. I'm OK with that. Everybody needs a hobby, and it's fun at parties.

      The reality is, stuff which we know to be happening is far more widespread than anybody would have believed. They've demonstrated themselves willing to lie to Congress. They get funding from alternate sources which they don't always tell us about. They don't always care about the niceties of the law.

      They've colluded with law enforcement to conceal their ways and means, and come up with ways to charge you and hide how they got there by writing a handbook of perjury and lying.

      They can use secret laws to make it illegal to tell anybody the scope of what they're actually doing.

      So, the problem becomes ... when a high degree of paranoia has been demonstrated to be not nearly paranoid enough ... being somewhat paranoid becomes pretty much mandatory.

      And these guys have made what would have been dismissed as merely paranoid ravings only a few years ago into something which is documented and commonplace.

      So, yeah, I sound paranoid. Because the people who make me paranoid have upped their game to the level where it's hard to imagine I'm being paranoid enough.

      --
      Lost at C:>. Found at C.
    13. Re:Can't be true by sl3xd · · Score: 1

      There's a difference between a honey pot and a dedicated search.

      Honey pots exist to collect all traffic that hits them. Were Tor a honey pot, the Silk road would have never existed in the first place.

      --
      -- Sometimes you have to turn the lights off in order to see.
    14. Re:Can't be true by Anonymous Coward · · Score: 0

      So, yes, some of us are still being paranoid. But that doesn't mean that we're not right.

      Spoken like a true paranoid. Until something is proven false treat it as if proven true. And make sure the bar to prove false is set to between difficult and absurd. Living like that might help keep you safe, but that is a rather small cocoon you are forcing yourself to live in, and it still has holes.

      You'd think any sane person would set the bar somewhere in the middle with common sense, since not believing in real things can be very dangerous too.

    15. Re:Can't be true by sl3xd · · Score: 3, Insightful

      Citation, please? Where are you getting the idea that exit nodes have huge bandwidth bills?

      For example: run a mac mini colo as an exit node, with unmetered bandwidth. $55/month, with 100 Mb of bandwidth, 24x7.

      Or some guy in Korea with 3-5 gigabits of bandwidth at their home for ~$40 USD/month?

      Or a university club running an exit point using approved university resources? (I know my alma mater does)

      Tor exit nodes are often just people hosting them on their own nickel, often at home. You can throttle the tor server to 56 Kib/s, and leave the rest for your own usage.

      --
      -- Sometimes you have to turn the lights off in order to see.
    16. Re:Can't be true by HornWumpus · · Score: 4, Insightful

      Imagine you are a spook who has compromised a 'secure' means of communication.

      Can you think of anything better to do with this than shut it down immediately? Should Bletchley Park have gotten on the radio and told the Germans 'neener neener, we broke your codes you jerry morons.'?

      --
      John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
    17. Re:Can't be true by tehlinux · · Score: 1

      Should Kinch have told Colonel Klink he had a radio in the coffee pot?

      --
      Most linux users don't know this, but the man pages were named after Chuck Norris. Chuck Norris fsck'ing hates noobs!
    18. Re:Can't be true by Anonymous Coward · · Score: 0

      You'd think any sane person would set the bar somewhere in the middle with common sense, since not believing in real things can be very dangerous too.

      Unfortunately to a paranoid the high level they set is what they consider the middle. Paranoids don't want to see reality, they want to believe in their fantasy, so they set the bar to disprove what they "know" at a very high level, often at an impossible level using the fact anything can be faked as their basis. This is what I was referring to. If a person makes a claim that isn't proven, but uses the lack of definitive proof of the contrary to "prove" their claim is right, then they are either a fool, a troll, or are delusional. It is the lack of rational thought that sets paranoids apart from people who are just being careful. I have nothing against those who want to protect their privacy and take steps to do so; I think that is wise. But for those who see the government behind everything, believing that the government is all powerful and all knowing, and as in the case of things like Tor believe the government is able to read all of it versus only potentially able to unravel a small targeted subset given time, then I think they are smoking something (those in Colorado and Washington can ignore that last part). For many in the anti-NSA crowd, which they then generalize to anti-government, their arguments show strong signs of the paranoid's I-am-right-no-matter-what-you-say mentality which I think greatly distracts from the legitimate cries of those who see a problem with what a subset in the government has done.

    19. Re:Can't be true by Anonymous Coward · · Score: 0

      And for every one crappy market they take down, 10 more rise in its place. Why would we see this kind of growth in dark net markets if Tor was just a honey pot, assumedly with the NSA/some other US govt. agency controlling it?

      Those markets go down because they have poor operational security, not because Tor is broken.

    20. Re:Can't be true by f3rret · · Score: 1

      Are you kidding me? Name one 'service' on TOR that has been up for long enough to get attention and not been busted?

      What came out about both the SR takedowns indicates that those were not taken down by sophisticated cyberattacks using high-grade NSA traffic analysis techniques.
      They were taken down because the people behind those sites were bad at being criminals and operating out of the US. I'm almost sure there's several alternatives to SR that are being run out of SE Asia or the former USSR that are not being taken down because the people running them are either good at being criminals or otherwise out of the reach of their local LEA.

      --
      Admit nothing. Deny Everything. Make Counter-accusations.
    21. Re:Can't be true by Opportunist · · Score: 1

      Why the heck should the government care about someone selling drugs online? Does it cut into their business somehow?

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    22. Re:Can't be true by Anonymous Coward · · Score: 0

      Boy. it aint be so easy. Read the papers.

    23. Re:Can't be true by Anonymous Coward · · Score: 0

      You better stay out of computers, boy. Because you see ghosts everywhere, which is THEIR OBJECTIVE. They want to control the masses in the interests of those robber barons running the show. They want to SCARE you into being a little mouse, underground.

      You need to FIGHT for your rights or submit yourself to their Absolute Rule.

      Hint: They cannot easily kill you - that would stir up too much shit. But sure as hell they will make the people around you telling you nasty stuff. The objective is to MAKE YOU KILL YOURSELF.

    24. Re:Can't be true by Anonymous Coward · · Score: 0

      Did you ever consider it possible that those claims come from the government themselves? "don't use any crypto, WE CAN BREAK EVERYTHING!". The objective being to sustain your supply of cleartext, of course.

    25. Re:Can't be true by Anonymous Coward · · Score: 0

      It seems overly simplistic to say that Tor is simply a honey pot. More just that it's not as universally anonymous as it's been made out to be. For purposes of circumventing small government surveillance, or corporate firewalls, or whatever else it may be used for, it's still quite a legitimate tool, as you very much do need the kind of network perspective American government is one of very few entities to have.

      Last I checked, nowhere on the Tor website does it say "come here to download a tool designed to safely prop up a clandestine contraband marketplace", nor are guarantees made about its effectiveness. Hype has more to do with this common misunderstanding than anything else.

    26. Re:Can't be true by Anonymous Coward · · Score: 0

      Wikileaks. Though that's an odd case, as its existence on Tor isn't to conceal its own identity, but rather to facilitate the ability for contributors being able to access it without needing to go through an exit node.

    27. Re:Can't be true by HornWumpus · · Score: 1

      Duh.

      --
      John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
    28. Re:Can't be true by brunes69 · · Score: 1

      No one with a clue in their head thought this stuff was impossible 5-10 years ago. Everyone who had the slightest background knowledge in how things operate already knew and assumed it was happening. The movie Enemy of the State came out in 1998 for god's sake, and people still did not wake up as to what was possible. This stuff wasn't fiction then, and it isn't fiction now.

      That doesn't change the fact that 99% of the interception the NSA does is trivial. Using Tor is still a very good idea and can save your bacon 99% of the time. Unless you're on a terrorist / insurgent watch list, or you are banging the NSA director's mom, you are probably safe on Tor. You will definitely be able to avoid domestic law enforcement.

  4. Potential false positive issue. by Anonymous Coward · · Score: 1

    While I haven't read the paper, the article seems to have a reasonably big "correlation for non-victim" bar. If this means false positives, it makes this technique at least a lot less useful than the "81%" deanonymization rate that they claim. It might make it useless for anything really.

    Honestly, this all seems like more headline and less news. But I do still have to read the paper.

    1. Re:Potential false positive issue. by f3rret · · Score: 1

      While I haven't read the paper, the article seems to have a reasonably big "correlation for non-victim" bar. If this means false positives, it makes this technique at least a lot less useful than the "81%" deanonymization rate that they claim. It might make it useless for anything really.

      Honestly, this all seems like more headline and less news. But I do still have to read the paper.

      I read it as meaning "This type of attack can deanonymize a single TOR user 81% of the time" and not "This type of attack can deanonymize 81% of ALL TOR users at the same time"

      --
      Admit nothing. Deny Everything. Make Counter-accusations.
  5. individuate? by Anonymous Coward · · Score: 0

    So, apparently this "individuate" word has been around since the 17th century and somehow, after a lifetime of academic and recreational reading and watching media I've never seen or heard it used anywhere, ever.

    I attribute that to taste. Either I have the good taste not to read/watch things where it might appear, or people generally have good enough taste to avoid it, or both.

    1. Re:individuate? by NoNonAlphaCharsHere · · Score: 1

      "Ideation" is my own pet "are you serious?" word.

    2. Re:individuate? by Anonymous Coward · · Score: 0

      Irregardless, that's what was inputted. Sorry you tooked offense.

    3. Re:individuate? by HornWumpus · · Score: 1

      Better than 'performant'.

      --
      John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
    4. Re:individuate? by stoploss · · Score: 1

      Which, in turn, is still better than "compute" (noun)

  6. Not flagged badexit? by Anonymous Coward · · Score: 0

    I thought Tor immediately cuts traffic to any exit found to be passing anything other than exactly what was requested.

  7. It doesn't matter! by Anonymous Coward · · Score: 5, Interesting

    The whole point of tor for those who are morally and ethically sane, is that it makes monitoring the populace orders of magnitude more expensive!

    Forcing NSA and their ilk to actually target people individually, instead of just passively collecting plain text data on everyone is exactly what needs to happen!

    Use Tor as much as possible, it is the only thing stopping complete internet surveillance.

    1. Re:It doesn't matter! by Anonymous Coward · · Score: 3, Interesting

      This is what I tell people about using tor. It's not iron clad but it adds a lot of difficulty for people who want to collect everyone's data. And even if the nsa can break it, the coffee shop can't, your isp can't, and the websites that track your every move across the web can't, at least not all of the time. And currently tor is the best way for people to voice their discontent with the surveillance state that's been forced on us in recent years. So that's better than doing nothing at all.

    2. Re:It doesn't matter! by Anonymous Coward · · Score: 0

      "Use Tor as much as possible, it is the only thing stopping complete internet surveillance."

      You mean, it's the only way to pipe more money into surveillance. It's idiotic to think the surveillance will stop if everyone makes it hard. The exact opposite will happen. The tools will be developed to make it easy and low cost, *just as has always been the case*. Surveillance used to be a problem in getting to a point where you could observe the information, but now everything is connected. The only problem is analysis, which is much much easier.

    3. Re:It doesn't matter! by Anonymous Coward · · Score: 0

      Ah yes, of course. The old "it's useless to try" argument.

      What's that? You can't tie your shoe laces? Well, it's useless to try, you'll never do it!
      What's that? You can't drive? Well, it's useless to try, you'll never do it!

      The utter stupidity of that argument is breathtaking!

      I would of course suggest the much better solution would be to stop paying taxes if that money is used to surveil the populace. But of course if you did that, you'd be thrown in prison rather quickly. Are you starting to understand how your government is tyrannical?

      As in, the state is fundamentally saying "fund us to monitor your every move or we will throw you in prison". And if you resist, some men in costumes with guns will either force you into prison, or they will kill you.

      But I would like to hear your solution to the total internet surveillance? You got any?

    4. Re:It doesn't matter! by Anonymous Coward · · Score: 0

      Use Tor as much as possible, it is the only thing stopping complete internet surveillance.

      Indeed. The more Tor is used to access innocent and benign sites (I was debating whether to cite Slashdot as an example here) the lower the percentage of usefully targetable traffic on it.

      Use it for everything, and the fact that you're using it at all becomes less significant.

    5. Re:It doesn't matter! by Anonymous Coward · · Score: 0

      By your logic, we should just install cameras in our houses and send them feeds...under the sheer cheapness of surveillance, their budget will collapse and the NSA will disappear.

    6. Re:It doesn't matter! by Anonymous Coward · · Score: 0

      You mean, it's the only way to pipe more money into surveillance.

      The pipe is finite. The lower the bang for the buck, the less inclined politicians are to keep siphoning bucks to something unpopular or secret instead of some pork they can brag about to their constituents.

    7. Re:It doesn't matter! by NotSanguine · · Score: 1

      The whole point of tor for those who are morally and ethically sane, is that it makes monitoring the populace orders of magnitude more expensive!

      Forcing NSA and their ilk to actually target people individually, instead of just passively collecting plain text data on everyone is exactly what needs to happen!

      Use Tor as much as possible, it is the only thing stopping complete internet surveillance.

      What can make things even more expensive is using strong end-to-end encryption for all network connections and strong encryption for everything stored on someone else's servers. This is *mostly* feasible if you have some technical knowledge, much less so for those that don't.

      Things that aren't really there but could really help the non-technical are:
      1. Easy to use, verifiable but decentralized email encryption/non-repudiation
      2. Ubiquitous network connection encryption with decentralized/anonymized certificates/server keys
      3. Automated strong encryption built in to file transfer software
      4. Ubiquitous and easy to use local storage encryption (e.g., Veracrypt, ZFS, Windows NTFS/EFS, etc.)
      5. Strongly encrypted voice/text messages by default on *all* devices
      6. Strong encryption on social network data, with granular access controls, preferably in a P2P social network environment (I know, a pipe dream)
      7. I'm sure there are a bunch of other things too, I'm just too lazy to think of them right now

      The key is getting folks to *want* to protect their privacy. Once there is widespread interest, many players (both FOSS and proprietary) will start creating such tools/processes/resources for the larger market. Even if the NSA/CIA/GCHQ, etc. can crack 256 bit encryption in hours (unlikely, depending on the encryption schemes), if the bulk of data and network traffic is encrypted, enormous resources would need to be expended getting the data most people practically beg the spies and corporate marketing assholes to scoop up and use in their self interest.

      Yes, this stuff isn't trivial and some requires active participation from those who would be hurt by this (our corporate masters), but a guy can dream, can't he?

      --
      No, no, you're not thinking; you're just being logical. --Niels Bohr
    8. Re:It doesn't matter! by Pablew+Nopl · · Score: 1

      What's that? You can't tie your shoe laces? Well, it's useless to try, you'll never do it!

      It is a waste of time, however. I just wear shoes that don't need shoe laces. I'm not sure why something so arbitrary got so popular and is considered to be 'necessary' to begin with.

    9. Re:It doesn't matter! by Anonymous Coward · · Score: 0

      Pretty much. And much the same argument can be applied to why home recording was allowed in the analog age, but in the digital age they are clamping down. This because during the analog era it would require a "copyright cop" in every home. But now they have one such, the very computer used to do the recording and sharing.

  8. Why bother. by Anonymous Coward · · Score: 0

    Every thing can be hacked and/or de-anonymized sooner or later. What is the point in using anti-virus and firewalls, tor and the likes. Seems every thing is flawed by design.

    1. Re:Why bother. by NotSanguine · · Score: 1

      Every thing can be hacked and/or de-anonymized sooner or later. What is the point in using anti-virus and firewalls, tor and the likes. Seems every thing is flawed by design.

      Exactly. Those windows on your house are vulnerable to rocks, so there's no point in locking your door. Safes can be cracked or blown open, so why keep your valuables in one? It's just going to get broken into, so why bother?

      A peeping Tom can look in your window or drill a hole in your wall to watch you, so put up cameras everywhere in your house and broadcast the output on the Internet and a large screen TV outside your house. They're going to see it anyway, so why risk damage to the house?

      --
      No, no, you're not thinking; you're just being logical. --Niels Bohr
  9. So don't use Tor at home? by rvw · · Score: 5, Interesting

    Basically what they are saying is that you should not use Tor at home or at work, but in other places, where you don't do your normal browsing. Make normal and Tor browsing mutually network exclusive!

    1. Re:So don't use Tor at home? by swillden · · Score: 2

      Basically what they are saying is that you should not use Tor at home or at work, but in other places, where you don't do your normal browsing. Make normal and Tor browsing mutually network exclusive!

      If browsing from coffee shops is necessary and sufficient to provide anonymity, why use Tor?

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    2. Re:So don't use Tor at home? by Bob9113 · · Score: 4, Interesting

      Basically what they are saying is that you should not use Tor at home or at work, but in other places, where you don't do your normal browsing.

      Close, but not quite ideal. You should use TOR at home to do strictly legitimate things, to create the haystack in which the needles can be hidden. Then, when you want to do something without being watched, you use TOR with clean hardware and connectivity. Also, when travelling to your clean connectivity, leave your cell phone and other tracking devices at home, and do it somewhere with lots of other people.

    3. Re:So don't use Tor at home? by rvw · · Score: 1

      Then, when you want to do something without being watched, you use TOR with clean hardware and connectivity.

      So what is clean? I can only think of an Ubuntu VM, default install with maybe one or two addons in Firefox to delete cookies. Nothing that changes or adds fonts. Make snapshots and always revert to that. Create new snapshots after updates. Don't update when using public wifi, but update at home while not doing anything else - no browsing!

    4. Re:So don't use Tor at home? by Bob9113 · · Score: 1

      >> when you want to do something without being watched, you use TOR with clean hardware and connectivity.

      > So what is clean? I can only think of an Ubuntu VM, default install with maybe one or two addons in Firefox to delete cookies. Nothing that changes or adds fonts...

      That's a fairly good version. I think it's about how extreme you want to go and how secure you feel you need to be. You could grab a fresh laptop off Craig's List and only use it for a few days. You could get a Raspberry Pi with no writable storage and change the MAC address every time you power it up. Or, at the other end of the spectrum, you could just have one laptop that you only use for your alternate persona, and always use it for that, if what you need is pseudonymity instead of anonymity (that's the most aggressive thing I do, actually, being one of those people who doesn't actually have anything to hide, but still believes in privacy as a matter of principle).

      And, of course, every step you take is a good one. It all helps to confound those who would violate what I believe are inalienable rights.

  10. same data, packet timing differentiated by raymorris · · Score: 3, Interesting

    You can add a fingerprint without changing the data. One way is by timing. A 10 Mbps cable modem, for example, can send at maybe 50 Mbps for 100 milliseconds, then it stops for 400ms to average 10 Mbps, the speed you paid for. If I want to mark a traffic flow I'm relaying, I can send the packets out in bursts of 120KB, 60KB, 120KB, 60KB. Assuming a sufficiently uncongested network, that pattern will be visible several routers further down the line.

    I've relayed precisely the data I was sent, I just modulated the rate at which I sent it.

    1. Re:same data, packet timing differentiated by Anonymous Coward · · Score: 1

      And not only that, you can also 'randomize' the delays by a cipher with secret key, making it harder for third parties to detect them. It's also a nice way to set up a slow steganographic channel.

    2. Re:same data, packet timing differentiated by Anonymous Coward · · Score: 0

      Adding random-length random-value padding to packets (which are encrypted so this wouldn't be obvious) and delaying packets passing through a node by a random amount of time might prevent this. However the delays required would probably irritate users enough to drive them away and kill the project.

    3. Re:same data, packet timing differentiated by Anonymous Coward · · Score: 0

      Here in Advanced Internet Development Labs, we already have cures for those problems. TOR is actually a very primitive mixnet.

      Expect some stealthy projects to come out quite soon.

  11. After Reading The Paper by NotSanguine · · Score: 5, Informative

    It's clear that there are significant limitations to the tested identification methods. Firstly, it requires that the server endpoint be under the control of the entity attempting identification. Secondly, the TOR *entry* node being used must be identified (if you have the resources, I guess you could monitor traffic flows from *all* entry nodes) in order for the Netflow data to be compared between the Server-->Exit Node and the Entry Node-->potential target client. Thirdly, in order to generate enough traffic to have enough collected data for correlation, large (the authors' term, they do not identify the size of the file/data required, only that downloads must last ~seven minutes to collect enough data) amounts of data must be downloaded from the server.

    It's an interesting piece of work, but pulling off an identification like this requires the anonymized client to both connect to a server specifically configured to generate traffic flows that can be identified, and once connected, the client must be induced to download a "large" file/dataset. What is more, those attempting the identification must also be able to gather Netflow records from the interface(s) associated with the specific (and likely unknown) TOR entry node as well, or monitor flows from *all* TOR entry nodes.

    It seems to me, that while the above scenario is certainly feasible, if you can get a potential target to visit a server that's under your control and download a large file, you can probably infect the client with malware from that server, and have said malware phone home without TOR, producing a specific identification without false positives or negatives. Which would be much less resource intensive and more useful, IMHO.

    --
    No, no, you're not thinking; you're just being logical. --Niels Bohr
    1. Re:After Reading The Paper by Anonymous Coward · · Score: 0

      But nobody who's taking sufficient care to secure things will just execute untrusted code, right?

    2. Re:After Reading The Paper by Anonymous Coward · · Score: 0

      I read the paper, too. While the researchers used a server, the server was not part of the TOR network. It communicated with the TOR exit node. Further, the server only "injected" timing patterns. So, it would be possible for a router, located between the server and the exit node, to inject the timing patterns. While not as clean as having the content server impose the timing patterns, it would still work.

      As for length of time, this attack could be useful for tracking movie downloads - especially if the download speed was limited,

    3. Re:After Reading The Paper by NotSanguine · · Score: 1

      I read the paper, too. While the researchers used a server, the server was not part of the TOR network. It communicated with the TOR exit node. Further, the server only "injected" timing patterns. So, it would be possible for a router, located between the server and the exit node, to inject the timing patterns. While not as clean as having the content server impose the timing patterns, it would still work.

      An interesting point. Unfortunately, there's a problem with that: at the hypothetical intermediate router, how do you determine which data flow(s) should have their timing modified? If you do it to *all* the flows, that destroys the uniqueness of the pattern and hence makes identification orders of magnitude more difficult, if not impossible. The whole point of this is to create identifiable patterns that can be correlated with data flow patterns external to Tor on the *client* side.

      As for length of time, this attack could be useful for tracking movie downloads - especially if the download speed was limited,

      Since Tor actively discourages P2P file transfers (for performance reasons, apparently), which is the primary method for downloading media, especially large media such as movies (I found that bit in the paper to be pretty unrealistic) that's one of the things that minimizes the value of this kind of analysis. As I said in my previous post. If your target trusts the server that *you* control enough to download large files, then you're much better off exploiting browser/plug-in vulnerabilities to compromise the target and have it identify itself for you.

      --
      No, no, you're not thinking; you're just being logical. --Niels Bohr
    4. Re:After Reading The Paper by NotSanguine · · Score: 1

      But nobody who's taking sufficient care to secure things will just execute untrusted code, right?

      Exactly. And because no security vulnerabilities exist in any network connected device, no systems are ever compromised. Sigh.

      --
      No, no, you're not thinking; you're just being logical. --Niels Bohr
    5. Re:After Reading The Paper by Xylantiel · · Score: 1

      But it probably is a problem if your opponent is a state-level actor. For example, China (and the US probably too) probably monitors connections to known tor entry/exit nodes. Given the attack mentioned, someone using tor in China is safe as long as the server being contacted is known to not be acting in concert with the adversary. However, if the server (or its connection to the tor entry/exit nodes) is also under control of the same adversary, then the connection can be de-anonymized. So this is a problem for Chinese bloggers blogging on Chinese blogs, but not so much on foreign blogs hosted outside China. Though it appears blog traffic would probably be too small to facilitate a successful attack.

    6. Re:After Reading The Paper by NotSanguine · · Score: 1

      But it probably is a problem if your opponent is a state-level actor. For example, China (and the US probably too) probably monitors connections to known tor entry/exit nodes. Given the attack mentioned, someone using tor in China is safe as long as the server being contacted is known to not be acting in concert with the adversary. However, if the server (or its connection to the tor entry/exit nodes) is also under control of the same adversary, then the connection can be de-anonymized. So this is a problem for Chinese bloggers blogging on Chinese blogs, but not so much on foreign blogs hosted outside China. Though it appears blog traffic would probably be too small to facilitate a successful attack.

      Absolutely. But the authors of the paper assert that:

      As Tor nodes are scattered around the globe, and the nodes of circuits are selected at random, mounting a traffic analysis attack in practice would require a powerful adversary with the ability to monitor traffic at a multitude of autonomous systems (AS). Murdoch and Zielinski, however, showed that monitoring traffic at a few major Internet exchange (IX) points could enable traffic analysis attacks to a significant part of the Tor network [13]. Furthermore, Feamster et al. [14] and later Edman et al. [15] showed that even a single AS may observe a large fraction of entry and exit node traffic—a single AS could monitor over 39% of randomly generated Tor circuits

      The implication is that less powerful (i.e., non-state) actors, given the ability to compromise a relatively small number of networks can perform these attacks as well. At the same time, the specific attack addressed has some serious shortcomings, as I noted in a previous post.

      --
      No, no, you're not thinking; you're just being logical. --Niels Bohr
  12. I'm part of the 18.6%. by Anonymous Coward · · Score: 0

    I WENT THROUGH 7 PROXIES GOOD LUCK.

    (and I'm not yelling, I'm quoting, lameness filter)

    1. Re:I'm part of the 18.6%. by Anonymous Coward · · Score: 0

      Yeah. The feds are really interested in keeping tabs on everyone's anarcho-capitalist rantings on Slashdot. People wanting anarchy for the rich are having lucrative careers in the Republican party. The feds are not interested in some neckbeard in their mother's basement dreaming about the day he'll be one of the big captains of the industry and no longer have to pay any taxes. Meanwhile he's posting his dreams of this via Tor because the government is going to secretly strike him down before he becomes the next Zuckerberg.

    2. Re:I'm part of the 18.6%. by Anonymous Coward · · Score: 0

      lolwut?

      no, just use tor to post more often. duh.

    3. Re:I'm part of the 18.6%. by Anonymous Coward · · Score: 0

      Okaaay I think someone has had enough kool-aid for one day.

  13. No duh? by Anonymous Coward · · Score: 0

    So if you can spy on the traffic from the user to the tor entry node, and can spy on the traffic leaving the tor exit node at the same time... then you can tell that the traffic you saw going to the entry node is linked to the traffic leaving the exit node?

    NO FREAKING DUH!?

    Good luck being able to sniff traffic on *both* ends.

    1. Re:No duh? by NotSanguine · · Score: 2

      So if you can spy on the traffic from the user to the tor entry node, and can spy on the traffic leaving the tor exit node at the same time... then you can tell that the traffic you saw going to the entry node is linked to the traffic leaving the exit node?

      NO FREAKING DUH!?

      Good luck being able to sniff traffic on *both* ends.

      You're misunderstanding the methodology. The trick isn't to sniff the actual data being transferred and can be used even with encrypted traffic.

      The identification uses traffic analysis (using data generated from Netflow and similar management tools), not packet sniffing.

      The way it works is that you get the target client to initiate a file transfer from a server specifically set up for this, then you modulate the data rate (2 seconds at 1Mb/sec, 5 seconds at 3Mb/sec, 5 seconds at 750kb/sec, etc., etc. in a specific pattern) at which the data is being transmitted. You then compare the data flows from the server to the Tor exit node and the data flows from the Tor entry node to the potential targets.

      If you can correlate the server-->exit node flow to a specific entry node-->client flow, you've just identified the client outside of Tor.

      --
      No, no, you're not thinking; you're just being logical. --Niels Bohr
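The rate modulation and flow comparison described in the comment above, together with the padding and random-delay countermeasure proposed earlier in the thread, can be checked on synthetic data. This is an added example, not code from the thread or from the paper: the packet size, path latency, 1-second bins and delay values are constructed assumptions, and only the rate pattern (2 s at 1 Mb/s, 5 s at 3 Mb/s, 5 s at 750 kb/s) is taken from the comment.

```python
import math
import random

PACKET_BYTES = 1250   # constructed packet size
PATH_LATENCY = 2.0    # constructed fixed path latency, seconds
# One period of the rate pattern from the comment, as bytes per 1 s bin:
# 2 s at 1 Mb/s, 5 s at 3 Mb/s, 5 s at 750 kb/s.
PERIOD = [125_000] * 2 + [375_000] * 5 + [93_750] * 5


def sent_series(periods):
    """Per-second byte counts on the server side (what a flow record sums up)."""
    return PERIOD * periods


def observe(sent, max_delay, max_pad, rng):
    """Per-second byte counts on the far side after a relay applies
    random per-packet delay (0..max_delay s) and padding (0..max_pad bytes)."""
    bins = [0] * (len(sent) + int(PATH_LATENCY + max_delay) + 2)
    for second, total in enumerate(sent):
        count = total // PACKET_BYTES
        for k in range(count):
            depart = second + (k + 0.5) / count      # evenly spaced in the bin
            arrive = depart + PATH_LATENCY + rng.uniform(0.0, max_delay)
            bins[int(arrive)] += PACKET_BYTES + rng.randint(0, max_pad)
    return bins[:len(sent)]


def pearson(xs, ys):
    """Pearson correlation coefficient; 0.0 if either series is constant."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    if sxx == 0 or syy == 0:
        return 0.0
    return sxy / math.sqrt(sxx * syy)


def best_correlation(sent, observed, warmup=24, max_lag=16):
    """Highest correlation over candidate lags, ignoring warm-up bins
    so that start-of-transfer ramp-up does not distort the result."""
    end = len(sent) - max_lag
    ref = sent[warmup:end]
    return max(
        pearson(ref, observed[warmup + lag:end + lag])
        for lag in range(max_lag + 1)
    )


def evaluate(max_delay, max_pad, periods=30, seed=7):
    """How much of the injected pattern survives a given defence setting."""
    rng = random.Random(seed)
    sent = sent_series(periods)
    return best_correlation(sent, observe(sent, max_delay, max_pad, rng))


if __name__ == "__main__":
    settings = [
        ("no defence", 0.0, 0),
        ("padding only (0-250 B)", 0.0, 250),
        ("padding + 0.5 s jitter", 0.5, 250),
        ("padding + 12 s jitter", 12.0, 250),   # one full pattern period
    ]
    for label, delay, pad in settings:
        r = evaluate(delay, pad)
        print(f"{label:26s} mean added delay {delay / 2:4.1f} s   r = {r:.3f}")
```

Padding alone and sub-second jitter leave the correlation close to 1; it only collapses once the random delay spans a full period of the pattern, which is the latency cost the earlier comment expects would drive users away.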
    2. Re:No duh? by nctritech · · Score: 1

      It seems to me that you just said the same thing as the parent post.

    3. Re:No duh? by NotSanguine · · Score: 1

      It seems to me that you just said the same thing as the parent post.

      It seems to me, that you don't know the difference between packet sniffing and traffic analysis using Netflow and similar tools.

      The links are there for your edification. You're welcome.

      --
      No, no, you're not thinking; you're just being logical. --Niels Bohr
    4. Re:No duh? by nctritech · · Score: 1

      There is no need to be rude or presumptive about my level of education. I shall explain what I meant in more depth to clear up any misunderstandings.

      OP said: "So if you can spy on the traffic from the user to the tor entry node, and can spy on the traffic leaving the tor exit node at the same time... then you can tell that the traffic you saw going to the entry node is linked to the traffic leaving the exit node"

      You said: "If you can correlate the server-->exit node flow to a specific entry node-->client flow, you've just identified the client outside of Tor."

      Distinction Without a Difference - The assertion that a position is different from another position based on the language when, in fact, both positions are exactly the same -- at least in practice or practical terms.

      Your provided links show that "packet sniffing" and "traffic flow analysis" are not different concepts in practice. The difference is in how the collected data is analyzed or for what purpose. For the purposes of this discussion where analysis of collected packets is for identical purposes, this is also a distinction without a difference. "A packet analyzer...is a computer program or a piece of computer hardware that can intercept and log traffic passing over a digital network or part of a network." "NetFlow is a feature that was introduced on Cisco routers that provides the ability to collect IP network traffic as it enters or exits an interface."

      If you feel I have misinterpreted your statements, I would appreciate additional feedback.

    5. Re:No duh? by NotSanguine · · Score: 1

      There is no need to be rude or presumptive about my level of education. I shall explain what I meant in more depth to clear up any misunderstandings.

      OP said: "So if you can spy on the traffic from the user to the tor entry node, and can spy on the traffic leaving the tor exit node at the same time... then you can tell that the traffic you saw going to the entry node is linked to the traffic leaving the exit node"

      You said: "If you can correlate the server-->exit node flow to a specific entry node-->client flow, you've just identified the client outside of Tor."

      Distinction Without a Difference - The assertion that a position is different from another position based on the language when, in fact, both positions are exactly the same -- at least in practice or practical terms.

      Your provided links show that "packet sniffing" and "traffic flow analysis" are not different concepts in practice. The difference is in how the collected data is analyzed or for what purpose. For the purposes of this discussion where analysis of collected packets is for identical purposes, this is also a distinction without a difference. "A packet analyzer...is a computer program or a piece of computer hardware that can intercept and log traffic passing over a digital network or part of a network." "NetFlow is a feature that was introduced on Cisco routers that provides the ability to collect IP network traffic as it enters or exits an interface."

      If you feel I have misinterpreted your statements, I would appreciate additional feedback.

      My points were literal, rather than pejorative. Sniffing packets is gathering the *actual* packets. Netflow collects statistics about packets being transmitted/received. Do you see the difference?

      GP stated "Good luck being able to sniff traffic on *both* ends." Firstly, traffic isn't being "sniffed." Secondly, With Netflow, it's not necessary to have packet sniffers on the specific links used in order to gather packet statistics.

      What is more, since context is everything, GP was responding to my assessment of the paper (you know, the point of the article) and misunderstood the methodology used by the researchers. I explained.

      If I (here and in my original post) have been unable to explain to you both the difference between packet sniffing and Netflow analysis and/or why GP misunderstood the methodology employed by the researchers, I suggest you read the paper yourself.

      TL;DR : Packet sniffing != Netflow. Methodologies have impact on results and should be understood.

      Should you want to criticize me, my reasoning or my (or at least your interpretation of it) tone for any other reasons? By all means, go right ahead.

      --
      No, no, you're not thinking; you're just being logical. --Niels Bohr
    6. Re:No duh? by nctritech · · Score: 1

      I understand where you were/are coming from now. Thanks.

    7. Re:No duh? by NotSanguine · · Score: 1

      Your provided links show that "packet sniffing" and "traffic flow analysis" are not different concepts in practice. The difference is in how the collected data is analyzed or for what purpose.

      This is an incorrect conclusion. Packet sniffing and Netflow analysis are significantly different in both theory and practice, both from the standpoint of data collected, as well as the method(s) of collection. Granted, if you are sniffing packets, you can perform a similar analysis, but that's both completely impractical (and in the context of the research) self-defeating. Attempting to sniff all packets off an IX Node requires mirroring all packets. Which would almost certainly cause serious congestion problems and be detected almost immediately. Collecting Netflow data from same wouldn't have a noticeable effect on the IX Node's network links.

      Just to clarify that point. Collecting Netflow (or similar management protocol) data is significantly and demonstrably different (in the attack mechanisms posited by and the methodology employed by the researchers) in both theory and practice.

      Yes, in a scenario with network links that carry much less data and both endpoints are known, packet sniffing and Netflow data collection *can* provide similar analytical results (I've done both myself), identifying data flows across large portions of the Internet (i.e., encompassing all or at least a significant fraction of Tor entry nodes -- in that the goal is identification of a device at an unknown location anywhere in the world) is a completely different animal.

      I could go on, but those are the high points. The above should be obvious to anyone who has a reasonable amount of experience with IP networking. Perhaps I should have been more explicit, but given that this is a tech site and the article concerns a scholarly paper about networking, I assumed a certain level of working knowledge. My mistake.

      --
      No, no, you're not thinking; you're just being logical. --Niels Bohr
    8. Re:No duh? by NotSanguine · · Score: 1

      Distinction Without a Difference - The assertion that a position is different from another position based on the language when, in fact, both positions are exactly the same -- at least in practice or practical terms.

      To clarify once again. The distinctions drawn are not based on nomenclature. There are specific and important technical differences which have real impact on the discussion.

      As I read your post again, I'm sorely tempted to respond in kind. However, I understand that you thought I was assigning ignorance of this particular area of knowledge to you as an insult (although you did do so in your original reply -- note that I simply repeated what you said first), rather than as a simple statement of fact. In your position, I would likely have responded similarly.

      --
      No, no, you're not thinking; you're just being logical. --Niels Bohr
    9. Re:No duh? by NotSanguine · · Score: 1

      Distinction Without a Difference - The assertion that a position is different from another position based on the language when, in fact, both positions are exactly the same -- at least in practice or practical terms.

      To clarify once again. The distinctions drawn are not based on nomenclature. There are specific and important technical differences which have real impact on the discussion.

      As I read your post again, I'm sorely tempted to respond in kind. However, I understand that you thought I was assigning ignorance of this particular area of knowledge to you as an insult (although you did do so in your original reply -- note that I simply repeated what you said first), rather than as a simple statement of fact. In your position, I would likely have responded similarly.

      My apologies. I mis-stated both what you and I posted. The above paragraph should read:

      As I read your post again, I'm sorely tempted to respond in kind. However, I understand that you thought I was assigning ignorance of this particular area of knowledge to you as an insult, rather than as a simple statement of fact. In your position, I would likely have responded similarly.

      --
      No, no, you're not thinking; you're just being logical. --Niels Bohr
  14. Dear colleagues! by grfrkr · · Score: 1

    We do that for years with just a requirement for all ISPs to keep netflow data for 3 years.

    Best regards,
    The FSB.

  15. But who would allow.. by Anonymous Coward · · Score: 0

    But who would allow an anonymous server to modulate data back to the client computer? I mean, it's not like people are connecting to Facebook through Tor.

    1. Re: But who would allow.. by Anonymous Coward · · Score: 1

      Just my thought when I read about Facebook's dark site. A way to massively try new tools to deanonymize people, and such. Can't trust them

  16. In other words by msobkow · · Score: 4, Insightful

    In other words, you're only "anonymous" if you don't matter.

    --
    I do not fail; I succeed at finding out what does not work.
    1. Re:In other words by Anonymous Coward · · Score: 0

      Well, it depends how and to whom you don't matter ... you won't hide from NSA, but will hide from ISP, criminals, etc.

  17. Next article on Slashdot. by Anonymous Coward · · Score: 2, Funny

    Security researcher proves that knowing your plaintext password greatly increases the speed of cracking its hashed value.

  18. Where does the right to privacy come from? by mark-t · · Score: 0

    Where do people get the idea that privacy is some sort of inalienable right? I'll agree that it's a civic courtesy, and certainly it's impolite to disregard another person's privacy, but to that end, I see it as more of a social contract than any sort of actual right. I would suggest that any appearance of privacy we might seem to have is actually just an illusion offered by the fact that other people are either making a deliberate choice to be polite in that regard, or else they are simply not interested enough in what we think is private for others to be bothered with it. Either way, it's not something that you can actually control... it's largely determined by what other people do or want.

    1. Re:Where does the right to privacy come from? by Anonymous Coward · · Score: 0

      > Where do people get the idea that privacy is some sort of inalienable right?

      Roe v. Wade perhaps?

    2. Re:Where does the right to privacy come from? by Anonymous Coward · · Score: 0

      > Where do people get the idea that privacy is some sort of inalienable right?

      Where do people get the idea that anything is some sort of inalienable right?

      Because those rights are a necessary foundation for a healthy, functioning human society.

    3. Re:Where does the right to privacy come from? by mark-t · · Score: 1

      Except that society seems to function perfectly fine, even if not necessarily ideally, without everyone following the golden rule everywhere... which is what any kind of ubiquitous expectation of privacy actually generalizes to.

    4. Re:Where does the right to privacy come from? by Maltheus · · Score: 3, Informative

      Uhh, from the Constitution:

      The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

    5. Re:Where does the right to privacy come from? by NotSanguine · · Score: 1

      > Where do people get the idea that privacy is some sort of inalienable right? I'll agree that it's a civic courtesy, and certainly it's impolite to disregard another person's privacy, but to that end, I see it as more of a social contract than any sort of actual right. I would suggest that any appearance of privacy we might seem to have is actually just an illusion offered by the fact that other people are either making a deliberate choice to be polite in that regard, or else they are simply not interested enough in what we think is private for others to be bothered with it. Either way, it's not something that you can actually control... it's largely determined by what other people do or want.

      I don't know. I'm a private person, but not a secretive one. I don't mind sharing personal information with the folks I want to share with. I feel it's incumbent on me to keep things to myself. That may include encryption or access controls or just keeping my mouth shut.

      Yes, there are those out there who want to know all about everyone, for their purposes. That doesn't mean I have to roll over and give it all up to anyone who wants it. If I take steps to protect data, ideas, information or anything else for that matter, it's in poor taste to attempt to circumvent those steps. Those who just throw it all out there without any concern, will be (in my estimation) victims of their own carelessness. That's their choice.

      That said, in a truly free society, those with the monopoly on organized violence (i.e., government) should be restricted from encroaching on the personal spheres of that society's members, unless there is a compelling reason to violate that sphere (i.e., Probable Cause in the US). Unfortunately, we don't live in such a society, and both the government (seeking control and power -- whether for noble or ignoble reasons) and a variety of corporate entities (for profit) are unable or unwilling to limit themselves. As such, if we want those folks "off our lawns" we need to take affirmative steps to make that happen.

      --
      No, no, you're not thinking; you're just being logical. --Niels Bohr
    6. Re:Where does the right to privacy come from? by robogun · · Score: 1

      I agree completely, and further I think the law should require everyone keep their windows and curtains open day and night, and the door to the shitter open. At least until the telescreen is invented.

    7. Re:Where does the right to privacy come from? by Anonymous Coward · · Score: 1

      See also Griswold v. Connecticut, 381 U.S. 479 (1965).

    8. Re:Where does the right to privacy come from? by Anonymous Coward · · Score: 0

      People like privacy. A lot of times, when people like things, other people will try to give it to them. For instance, some people like shrimp, so companies can make money selling people shrimp. Shrimp is not an inalienable right, but people like it, and there's a way to deliver to them, so in practice, while not an inalienable right, people can get shrimp. Now, maybe TOR can give people privacy.

    9. Re:Where does the right to privacy come from? by mark-t · · Score: 1

      Just because I don't think people should really have any expectation of privacy at any time doesn't mean I think people should not have any right to do whatever is within their own personal power and ability to directly control to preserve whatever privacy they feel they might be able to secure for themselves, to the extent that such efforts do not infringe on anyone else's freedoms or rights.

    10. Re:Where does the right to privacy come from? by Anonymous Coward · · Score: 0

      What if I'm in Saudi Arabia and am an atheist? The government decides to monitor hits to all atheist websites and forums, rounds up everyone identified as participating in them charges them with blasphemy and executes them. There are nations on this earth where you can be killed or imprisoned for expressing the wrong opinion and nations that are descending into a new dark age where certain opinions will become criminal. So spare us the you should have no expectation of privacy argument, nor the obligatory "If you have nothing to hide" argument.

    11. Re:Where does the right to privacy come from? by RuffMasterD · · Score: 1

      From the Universal Declaration of Human Rights, as adopted by the General Assembly of the United Nations on December 10, 1948. Article 12: Right to Privacy...

      No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.

      It's one of our fundamental human rights, right up there with other inconvenient courtesies such as right to life, freedom from slavery, freedom from arbitrary detention, freedom from torture, right to asylum, and freedom of thought and religion. Everyone should know their rights. If you don't know your rights, you won't know what you risk losing.

      The United States voted in favor of the declaration at the time. How times have changed...

      --
      Human Rights, Article 12: Freedom from Interference with Privacy, Family, Home and Correspondence
    12. Re:Where does the right to privacy come from? by mark-t · · Score: 1

      > What if I'm in Saudi Arabia and am an atheist?

      Even then.

      I'm not suggesting if you haven't done anything wrong you have nothing to hide, because that's actually a completely misleading argument that can be easily shown to be a false notion anyways.

      Privacy, as I said, is created by two things, neither of which one is really in direct control of. The first thing is how polite other people are making a deliberate choice to be... invading someone else's privacy, for any reason, almost invariably amounts to rude behavior. Privacy is a courtesy that as civilized human beings, we should always extend to those around us. The world, however, has more than its share of rude people, nor can you really legislate that people not be rude to other people, so the measure of confidence you can have in privacy in this factor is entirely out of your control.

      The other thing that creates privacy is something that you may have a small amount of indirect level of control over, which is how disinterested other people are liable to be in whatever it is you are doing, but the only way you really can influence this is by taking efforts to try and secure some measure of privacy for yourself, to the extent that you do not harm other people or infringe on their rights, and to a degree that the efforts that must be taken by others to overcome the efforts you have put in to secure some privacy are likely to outweigh how interested other parties might be in knowing about whatever it is that you are keeping private. Such measures might give you a greater feeling of confidence or security, but since you actually do not have any real control over what other people might want or how badly they might want it, I would still suggest that any appearance of privacy you may seem to achieve for yourself is still going to largely be illusionary. Certainly, if the efforts required to overcome whatever barriers you try to put in place to give yourself some privacy amount to needing to break the law, then you can probably have a high degree of confidence in how much privacy you have, as long as whoever might be interested in your private affairs has not been offered any legal immunity... and you certainly deserve to have legal recourse when someone infringes on your privacy in that regard... not because they infringed on your privacy, per se, but because of whatever law it was that they actually broke.

  19. I don't have to name them by Anonymous Coward · · Score: 0

    Name one 'service' on TOR that has been up for long enough to get attention and not been busted?

    Just enumerate the TOR services that are clearly, without question, 100% legal and socially acceptable and there's your list.

    But for the fact that it's brand new, Facebook would be on that list.

  20. reddit / google analytics by fadethepolice · · Score: 1

    I'm pretty sure reddit probably through google analytics may have started doing this around eighteen months ago. I tested trolling them with sock puppets and they could identify my house through tor but could not differentiate between individual computers in the house. So pretty much anybody that uses google analytics probably has this capability.

  21. Some clarifications by Anonymous Coward · · Score: 0

    I am here to clarify some misconceptions. '81%' of Tor traffic DOES NOT represent all the Tor traffic but only those that we used in our experiment, at a certain point of time. The paper primarily explores the practical challenges involved in actually carrying out a traffic analysis attack and the number shows that it can be used, but certainly NOT that 81.4% of ALL Tor traffic can be attacked. Please do not be paranoid. I have all the respect for the good work done by Tor folks.
    Sambuddho

  22. Anonymity is HARD by dwheeler · · Score: 1

    I'm not surprised. I wrote a paper back in 2003, Techniques for Cyber Attack Attribution, that listed a LONG list of ways to do attribution. This sounds like a variant combining "modify transmitted messages" and "matching streams" via timing (see the paper).

    Real anonymity is HARD. If someone wants to attribute you, it's hard to prevent.

    --
    - David A. Wheeler (see my Secure Programming HOWTO)
    1. Re:Anonymity is HARD by Anonymous Coward · · Score: 0

      Error- request denied. Thanks for all the honey.

    2. Re:Anonymity is HARD by nctritech · · Score: 1

      Go to the URL bar and hit enter. It's blocking access because of the HTTP referrer.