[ohmygodel]

The problem seems well-advertised to me. From the Tor FAQ (https://www.torproject.org/docs/faq.html.en#AttacksOnOnionRo...): "it is possible for an observer who can view both you and either the destination website or your Tor exit node to correlate timings of your traffic as it enters the Tor network and also as it exits. Tor does not defend against such a threat model."

I think that Tor does already implement some padding protections, specifically against correlation via NetFlow records. See the spec at <https://gitweb.torproject.org/torspec.git/tree/padding-spec.... and an implentation history at <https://trac.torproject.org/projects/tor/ticket/16861>.

The effectiveness of further padding protections aren't clear unless you go to full padding, which is very expensive (probably impossible for mobile clients, for example). Tor is successful, in my opinion, because it understands that reducing performance reduces users and thus actually harms anonymity.