On Mon, Oct 15, 2012 at 2:48 PM, Mike Perry mikeperry@torproject.org wrote: [...]
Again, this experimentation is already done. It's quite clear that adding more objects to the world of Guard activity reduces traffic fingerprinting accuracy, regardless of if that activity is concurrent with client traffic or not.
If that's the case, then it would amount to, what? the equivalent of every user visiting one additional website on a regular basis? Every user visiting approximately the same website (since everybody downloads the same directory info)?
My understanding is that while users *would* resist fingerprinting better if everybody picked a random website off the internet and visited it periodically, it wouldn't help much if (say) we told everybody to visit CNN once a day. Gotta reread that paper and see if it says differently.
The only thing that would change this is if the adversary could somehow detect your directory activity using some other information channel other than the actual traffic patterns to specific Guards. If such a side channel exists, then yes, we would likely only experience the benefit during concurrent activity (due to feature resolution degradation).
Huh. If they're observing you, I bet directory traffic would be relatively easy to note. It's going to happen periodically whenever consensuses become unfresh; and it's doing to involve simultaneous requests to (approximately) all your guards; and has a characteristic "make one request for the consensus, then make a lot of requests to everybody for the descriptors" pattern; and it has a characteristic patterns of retries that probably doesn't look the same as retrying a failed circuit.
Further, the observer *knows* that the client is going to be making directory requests periodically: part of their algorithm is now going to be identifying which requests are directory requests, so that they can be ignored.
Unfortunately, it would seem that to a local observer, any directory guards that are not also Guards would provide this information channel, since all directory activity happens at roughly the same time, right?
That seems to be the case too.