Anonymous Blogging

[Paul Syverson]

On Mon, Nov 13, 2006 at 06:55:06PM +0800, RMS wrote:
> 
> I am a political blogger in a sensitive country and I would like to
> try out TOR to make my blogging anonymous, as recommended by Reporter
> Without Borders (RSF) in their handbook. I understand that with TOR,
> there is little chance of the government tracing my original IP
> address when blogging. However, I have reasons to believe that my
> Internet connection is under constant surveillance and since my
> "blogging" from my PC to blogger.com is sent in clear text, what would
> TOR help me in this case? Is RSF assuming that the government has no
> access to its citizen's connection?
> 

Note that your protection depends on what you mean by "surveillance".
I realize you may not know, but here is a quick description of the cases.

- If an adversary is _only_ monitoring the plaintext content of your
traffic as you send it to/receive it from the internet, then Tor should
protect the communication because it is encrypted.

- If an adversary is _only_ monitoring the plaintext content and the
traffic pattern (i.e., the pattern of packets or bytes that go by) of
your traffic where you connect to the internet, then you should be
protected because it will not see where your traffic exits the Tor
network.

- If an adversary is _only_ monitoring the plaintext content of your
traffic as you send it to/received it from the internet, and the
plaintext content at the other end of the circuit, e.g., as it is
received at blogger.com, then Tor should protect the communication
because it is both encrypted and changing appearance from the spot it
leaves your Tor client until it emerges after bouncing around the Tor
network.

- If an adversary monitors _only_ the internet connection of
blogger.com, but not your connection to the internet, then Tor should
protect the communication because the adversary will not see where it
entered the network, i.e., emerged from you.

- If an adversary monitors the traffic pattern of your traffic where
you connect to the internet, and monitors the traffic pattern where
you exit the Tor network, e.g., is observing the internet link of
blogger.com or the internet link of the last node in your Tor
connection to blogger.com, and if the adversary does simple analysis
on those patterns, it is likely to confirm that this is indeed your
traffic. (That is, with high probability, you are the source of that
post to blogger.com. I have no idea what sort of official deniability
remains. IANAL in any country.)

- If an adversary keeps track of the patterns of when you connnect to
the Tor network and when posts are appearing at your blog, over time
they will be able to confirm (as in the previous paragraph) that you
are the source of the communication. This is a trickier attack involving
more complicated statistical analysis and probably implies the adversary
is doing intense targeted surveillance.

Our soundbite way of expressing this is to say that Tor guards against
traffic analysis, not traffic confirmation.  As a rule of thumb if an
adversary can watch both ends of a circuit and do basic timing
analysis of it, they will be able to correlate these two. To say
anything more specific gets us into a bunch of math.

HTH,
Paul
-- 
Paul Syverson                              ()  ascii ribbon campaign  
Contact info at http://www.syverson.org/   /\  against html e-mail