Hacker News new | past | comments | ask | show | jobs | submit login

Tor helps, but is not especially robust against state-level actors / APTs. An actor running a sufficient number of entry/exit nodes could perform at least some traffic analysis.

Tor is an improvement. It's still a limited tool.




It would have absolutely prevented this person from getting identified. It looks like some kids doing a climate protest.

I can't but help read your post in comic book guys voice.


In comic-book voice, then: what would an intelligence agency or police force's response to a suspect known to be using Tor be?

Traffic analysis, at a cost, could establish that the suspect is using Tor.

TorMetrics shows slightly more than 1,250 currently-running Tor exit nodes. I'll presume this is typical, history shows it's pretty consisten over the past 3 months.

https://metrics.torproject.org/relayflags.html?start=2021-06...

I'm going to presume that a court could conceivably issue an order to log all Tor-based traffic. A state actor / APT might then be able to correlate a known IP and traffic at a given point in time with other data to identify a source IP. This might be combined with other measures to encourage circuit-jumping until the suspect is on a specific known or monitored Tor circuit.

Yes, costs increase. I don't see this as technically infeasible, however.

Might not be rolled out just for a house-squatter, however.


Yeah, what you outline means Tor is Swiss cheese (ha, ha, long game pun), when it comes to traffic analysis. Are all the IPs for Paris to Tor being logged at the ISP level? You bet!

Frankly, I don't think anyone is safe from the tip of a nation state, even small ones. But I do think we should protect everyone else and Tor would have done that.

Because this was clearly civil disobedience and that is what we really should be protecting.

https://www.cactusvpn.com/vpn/is-tor-safe/


Agreed on goals. Tor undoubtedly helps, and even where it fails, the raised costs are themselves a win for the pro-privacy crowd.

Just ... don't think it's a majykal bullet. It's not. Tradecraft matters, vulnerabilities exist. Examine and review your threat models.


No it’s not bulletproof but there isn’t really any other network with the same availability which would protect against a targeted and sustained analysis.

Even if a nation state was targeting you, it would still take months for a timing/bandwidth attack to identify a user. Even then it would only provide your adversary a probability of certainty and requires consistent traffic from the victim through a compromised exit node.

No system is 100% perfect but tor will make most attacks prohibitively expensive.


Probabilities factored in with other data can be exceedingly useful.

Remember: all you need is 33 bits.


In discussion with Christine Webber on Mastodon: Onion services rather than simply using Tor as a transit service offers far more protection.

Here, data enter the Tor system, but don't leave it as the onion service itself has a Tor address.

Yes, traffic analysis and timing correlations may still be used to draw inferences, but again, costs are raised, and that's the critical factor.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: