Hacker News new | past | comments | ask | show | jobs | submit login

If the adversary can watch the traffic at the entry node and any one of {the exit node, the websites you're visiting, a compromised router in between}, then they can de-anonymize your traffic pretty easily using statistical techniques. (All my links on this subject are a decade old; I'm sure there's newer research.)

The Tor client tries to take this into account when choosing entry and exit nodes, but it has to consider other threats as well and there's a limit to how well it can do. Remember the adversary only has to get lucky once to discover that you are a member of the Rebel Alliance and a traitor; you have to evade them every time.

Ross Anderson calls this "programming Satan's computer". It's like you have an NFA that always chooses the worst state transition rather than the correct one.




I agree with everything you've said, but just wanted to mention "Entry Guards" as the "solution" that the Tor Project came up with for, "the adversary only has to get lucky once". The idea being that the Tor client picks only a few nodes for network entry and re-uses them. Otherwise, eventually you'd connect to all entry nodes.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: