Hacker News new | ask | show | jobs
by ddtaylor 660 days ago
> do deep packet inspection

There is no DPI on Tor networks. Traffic analysis for de-anonymization for Tor works by knowing all the variables in the system and solving it, not by looking at any content of the packets themselves.

The last time something like that was possible at all in Tor it broke it entirely and destroyed the anonymization. The bug involved a vulnerability in the way Tor handled the traffic confirmation attack on Onion Services. This attack allowed malicious relays to embed uniquely identifiable information into Tor cells (the packets used in the Tor network).
1 comments
g-b-r 660 days ago
No, you just need to observe the timings, and only of the first and last segments of the communication

Western nations will probably have access to them in most cases, at least for traffic originating and ending in one of them

link
ddtaylor 660 days ago
That's not deep packet inspection, just FYI. Timing and traffic correlation attacks never get any access to the packet information and piggy back on existing network weaknesses (correlating IP addresses based on timing metadata)
link
g-b-r 660 days ago
Yeah, but there's no need of "knowing all the variables in the system" and there's no "last time something like that was possible", it's always been possible.

And you get the "packet information" out of the exit nodes...

link
roywiggins 660 days ago
DPI usually refers to actually poking around the contents of the packets, which in TOR are (hopefully) minimally informative. With timing attacks you just keep track of the volume.
link
g-b-r 659 days ago
Why is DPI still being brought up? And what was wrong in my message?

With timing you keep track of the volume and... timing, which (often) allows you to correlate the entering and exiting traffic...

link