Hacker News new | ask | show | jobs
by peterwwillis 4342 days ago
> you probably need to remain constantly connected and moving data through Tor 24/7

You almost have it. The problem is that just moving data through isn't enough. Given enough sample data, you can eventually figure out enough information about the traffic to correlate with another host moving the same traffic.

The most effective way to mask the effects of passive statistical analysis is to employ either a masking effect or a countermeasure. Either make all the traffic look identical (and have its rate be identical and constant), or make all the traffic look random, insofar as garbage is injected or frames are truncated at every hop.

Also, you don't have to control both ends. You just have to observe a given percentage of the traffic along its path(s), and you can determine a probability of which hosts lead to/from what traffic. If you're just trying to trace an unknown adversary, it may be able to [at the very least] identify the network they're on.
1 comments
opendais 4342 days ago
> Also, you don't have to control both ends. You just have to observe a given percentage of the traffic along its path(s), and you can determine a probability of which hosts lead to/from what traffic. If you're just trying to trace an unknown adversary, it may be able to [at the very least] identify the network they're on.

Really? I figured the number of hops involved meant as long as they couldn't control both Entry Guard & Exit Node you were relatively safe.

> The most effective way to mask the effects of passive statistical analysis is to employ either a masking effect or a countermeasure. Either make all the traffic look identical (and have its rate be identical and constant), or make all the traffic look random, insofar as garbage is injected or frames are truncated at every hop.

So, setup a webcrawler whenever you aren't using it that randomly crawls pages I suppose. Random garbage would make you easier to find, I suspect, since it doesn't fit with a "normal" pattern of any kind.

I mostly look at Tor out of curiosity. :)

link
peterwwillis 4342 days ago
I don't like the idea of 'relative' safety. I trust tor about as much as the extradition treaty of the country i'm using it from. And no, there's been many attacks on the tor network that have been successful without controlling the ingress & egress nodes.

Webcrawlers have a pattern too. The point is to generate garbage in such a way as to make the traffic indistinguishable and as random as possible, while still embedding a real payload. It would not be easy. The timing is often more telling than the data, though.

link
atmosx 4342 days ago
> Webcrawlers have a pattern too.

Nope. The ones that have a pattern are the ones that play by the rules. It's extremely easy to write a web-crawler that performs random actions (download torrents, seed data, make bing/yahoo/google/duckduckgo random searches and click on 25 random indexed results, etc.).

In order for a sniffing party to understand what it's going on, it will (probably) take a Bayesian approach which will require more data than one can generate in 100 years.

Writing such a crawler for an experienced developer is extremely trivial (e.g. ruby + mechanize + nokogiri).

link
opendais 4342 days ago
https://blog.torproject.org/blog/bittorrent-over-tor-isnt-go...

> download torrents, seed data,

I'm not sure that part of your idea is good.

The random crawler is what I had in mind but I doubt I'd implement it simply because I don't have a need to use Tor beyond curiosity.

link
atmosx 4342 days ago
Yeah okay, torrents aside, the idea is to generate random bursts of data transmission and you can do that easily.
link
peterwwillis 4342 days ago
What is that even supposed to solve? You're just making random network connections... it really does nothing to obscure origin or destination. It's not the target traffic so it'll get filtered out, and timing attacks still work on the target data.
link
opendais 4342 days ago
Fair enough. :)
link