[pavanky]

> One way is to record the fact that from your home computer originated some Tor traffic at almost the same time the Google search took place.

This either implies someone already suspects you and are monitoring you or that you are the only person searching on Google using Tor at that particular moment. I find the latter hard to believe. Even if it is true, it can be mitigated by more people using tor at the same time.

[unhammer]

You might want to run a non-exit node at your home. That way you have a lot of Tor traffic all the time, and the one time you really do need anonymity, it doesn't show up as anything unusual.

[im3w1l]

I don't quite know how this works, so forgive me if this is a stupid question, but couldn't someone just take the difference between your inbound and outbound tor traffic to find how much traffic originates from your computer?

[unhammer]

If the in/out rate of your bridge was both constant And lower than the max in/out rate of your connection, but it seems a bit of a stretch.

(And of course they wouldn't know that it was your traffic to whatever site they're surveilling, they'd just have evidence that was not inconsistent with you actively using Tor to do Something Or Other at that time.)

[sp332]

They might know how much, but they wouldn't know which traffic was yours.

[pavanky]

The same is still true even if you do not run a tor node.

[tzakrajs]

They can see all of the packets in both directions. Which mean they could tell when more was coming out than being relayed in.

[saalweachter]

Yes, because nothing will make you less interesting to law enforcement than running a Tor node.

[dobbsbob]

Google searching no, but an IRC room or being logged into something would be good for metadata. Especially a forum or chat room where you reveal timezone or other geolocation info. "It's snowing here"

Would not take long to grep ISP logs and find the known Tor bridges, Obfsproxy bridges, relays and who might have used them.

If you tunneled Tor traffic through a VPN exiting Russia then your local ISP has no Tor timing metadata to give, unless you're Snowden and your adversary is global. Running an internal relay would help obfuscate your own traffic too if you can connect to it on a local network it would be a lot harder to prove you logged into IRC channel #blowuptheembassy on the Al Qaeda IRC freenode server.