by jofla_net 294 days ago
I remember that, Schneier talked about it on his blog.

It was actually Tor (the threat came from Tor), and Harvard 'found' him by constantly logging what connections were going to known Tor entries from on campus. As it turns out he was one or possibly the only one using Tor that morning from Harvard.

Bruce outlines that he certainly could have stayed tight-lipped (all evidence was circumstantial) but nevertheless confessed as soon as they approached him.


Network traffic analysis/DPI strikes again. I wonder how many people think that their VPN usage obscures their identity, when the flow of traffic at certain times gives X% probability that this person visited the site based on the timing/size/speed/length of each TCP stream, increasing in confidence every repeated visit. Hell, how often will someone download a file of exactly 7060378032 bytes? It may not be damning evidence, but it'll surely put you under suspicion; sometimes that's all it takes.

I'm looking forward to when VPNs always throw up chaff traffic.

> I'm looking forward to when VPNs always throw up chaff traffic.

Mullvad's DAITA (Defense Against AI-guided Traffic Analysis) is going in that direction [0] and Mullvad is one of the better providers. Tor also has some protections against this afaik and the upcoming Nym VPN is also doing some traffic obfuscation [1]. But as the saying goes: Correlation Attacks are a bitch.

[0] https://mullvad.net/de/vpn/daita

[1] https://nym.com/

> https://nym.com/

The first line on the landing page says:

"The world’s most private VPN 80% off today!"

Very interesting.

It's not even that complicated, the list of Tor entry nodes is public, all they had to do is look in their logs for connections to those IP addresses coming from their network.
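
The log check described in this thread, as an added example that is not part of any commenter's post: it matches flow records against a relay list inside a time window and shows how small the resulting set of sources can be. The log format, the function names, and every address below are constructed for illustration (documentation and private address ranges only).

```python
from collections import Counter
from datetime import datetime

# Constructed stand-in for the public relay list (RFC 5737 documentation addresses).
RELAY_IPS = {"192.0.2.10", "198.51.100.7", "203.0.113.44"}

# Constructed flow records: ISO timestamp, campus source, destination, dest port.
FLOW_LOG = """\
2024-01-01T07:58:12 10.20.1.15 203.0.113.200 443
2024-01-01T08:02:41 10.20.7.88 192.0.2.10 9001
2024-01-01T08:03:05 10.20.7.88 198.51.100.7 443
2024-01-01T08:10:30 10.20.3.40 198.51.100.99 443
malformed line
2024-01-01T08:31:09 10.20.7.88 192.0.2.10 9001
2024-01-01T14:45:00 10.20.9.2 203.0.113.44 9001
"""

def parse_flows(text):
    """Yield (time, src, dst) tuples, skipping lines that do not parse."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2]
        except ValueError:
            continue

def relay_clients(text, relays, start, end):
    """Count flows per internal source that reached a listed relay in [start, end)."""
    hits = Counter()
    for when, src, dst in parse_flows(text):
        if start <= when < end and dst in relays:
            hits[src] += 1
    return hits

if __name__ == "__main__":
    window = (datetime(2024, 1, 1, 8, 0), datetime(2024, 1, 1, 9, 0))
    clients = relay_clients(FLOW_LOG, RELAY_IPS, *window)
    # The number of distinct sources is the size of the anonymity set.
    print(f"{len(clients)} source(s) in window: {dict(clients)}")
```

With the constructed data, the one-hour window leaves a single source address, which is the situation the first comment describes: the traffic content stays hidden, but the set of candidates collapses to one.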