by lazyBilly 5210 days ago
I think this is actually a pretty strong endorsement of TOR, just based on what I briefly read here. They had a wiretap running, and all they got out of it was "he's definitely using TOR." That's pretty awesome, if you ask me.
4 comments

The bug that breaks Tor for a hostile government is not going to be disclosed in an indictment or in unsealed court proceedings.
But whatever they used to find him may be discoverable. Even if they had such tech, they might still have foregone it here to keep it out of discovery.

They might have other teams using it for intelligence rather than case-building. If they sequestered those from the teams building evidence that usage might not be discoverable.

Did you read the indictment? They got it specifically by matching TOR traffic to his online-activity patterns. Obviously they matched perfectly. IMHO this was a weak proof, but it is still totally unacceptable for a secure network not to hide traffic patterns.
To cite the first Tor research paper: https://svn.torproject.org/svn/projects/design-paper/tor-des...

Not secure against end-to-end attacks: Tor does not claim to completely solve end-to-end timing or intersection attacks. Some approaches, such as having users run their own onion routers, may help; see Section 9 for more discussion.

They are repeating it several times in their documentation, too.

It's not really a bug - there is little that can be done here, IMO.

The only way to really counter such an attack would be to have a constant stream of traffic going 24/7 that is set at such a level that your normal usage never exceeds it. Then, when you send a real message, the computer throttles back on the garbage communication and injects your real traffic into the stream. The amount of traffic thus remains constant and it would be difficult to do any type of frequency analysis on the traffic.

However, depending on how high the garbage stream must be set to ensure that there is never a spike of real communications higher than that, it could easily be too costly for most people.

I'm not sure it would have to consistently exceed it, as long as it varied in a random fashion, and that your actual use of the network didn't result in an observable increase in instantaneous or average traffic.

So if it saturates your connection for an hour for 6 hours randomly spaced throughout a day, it's not immediately apparent if that's because you're using it, or it's a decoy stream. Varying the amount used (and always adding at least a little extra when in use) would also make it harder to detect.

At least, that's how it seems to me. There may be some sort of cunning statistical attacks depending on the implementation, especially if the attackers have the endpoint under physical surveillance (and notice that your presence always matches traffic increases of some level).
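The two comments above describe constant-rate cover traffic and a randomly varied alternative. This small simulation, added here as an illustration and not from any commenter, measures how well far-end activity correlates with the volume a link-level observer sees under each scheme; every parameter (a day of one-minute bins, 15% activity, 20-60 units per active bin, a cover rate of 100) is constructed.

```python
import random

# Constructed parameters for a one-day trace in one-minute bins (not from the thread).
INTERVALS = 24 * 60
COVER_RATE = 100  # units per bin the constant-rate scheme always sends

def activity_pattern(rng):
    """What an observer at the far end sees: 1 in bins where the user is active."""
    return [1 if rng.random() < 0.15 else 0 for _ in range(INTERVALS)]

def real_traffic(active, rng):
    """Units the user actually sends per bin; bursty, never above COVER_RATE."""
    return [rng.randint(20, 60) if a else 0 for a in active]

def pearson(xs, ys):
    """Pearson correlation; 0.0 when either series has no variance at all."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    return 0.0 if sxx == 0 or syy == 0 else sxy / (sxx * syy) ** 0.5

def no_cover(real, rng):
    """Baseline: the wire carries exactly the real traffic."""
    return list(real)

def constant_rate(real, rng):
    """First comment's scheme: the link always carries COVER_RATE units and
    real data displaces padding instead of adding to it."""
    assert max(real) <= COVER_RATE, "real traffic must never exceed the cover rate"
    return [COVER_RATE] * len(real)

def random_decoys(real, rng):
    """Second comment's variant: randomly timed decoy bursts on top of real use."""
    return [min(COVER_RATE, r + rng.choice([0, 0, 0, 40, 80])) for r in real]

def observed_correlation(scheme, seed=1):
    """Correlation between far-end activity and per-bin volume on the user's link."""
    rng = random.Random(seed)
    active = activity_pattern(rng)
    wire = scheme(real_traffic(active, rng), rng)
    return pearson(active, wire)

if __name__ == "__main__":
    for scheme in (no_cover, constant_rate, random_decoys):
        print(f"{scheme.__name__:14s} r = {observed_correlation(scheme):.2f}")
```

The assertion in constant_rate is the caveat from the first comment: the scheme only hides the pattern while real traffic never exceeds the cover rate.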

I wonder if running a tor node would have helped mask any signal in a whole bunch of noise.

Once the FBI has a surveillance van parked outside your house, I think you already lost. I don't think there's much you can realistically do.

Yes you can, if you know math. Plus, with math knowledge often comes the wisdom to not commit crimes.

I have some serious doubts about the validity of this claim. While it's possible in proofs of concept, I reserve judgement until they can prove it in a court of law.

Actually the wiretap only permitted them to see IP addresses not packet contents.

Packet contents wouldn't have helped, due to multiple layers of encryption.

The case was mainly built by correlating internet activity timing...WITH an informant on the other end.