German data rentention law

Sven Anderson sven at anderson.de
Sun Oct 19 00:30:32 UTC 2008


Am 18.10.2008 um 22:13 schrieb Roger Dingledine:

> 2) Maybe, consider starting circuits unpredictably before we want to
> attach a stream to them (we already mostly do that, since we build
> circuits preemptively), and closing circuits unpredictably after we  
> are
> done using them. The idea there is to make the TCP connection logs at
> ISPs not correlate with when a given Tor stream started or stopped.  
> I say
> "maybe" because it's far from clear that all ISPs will be forced to  
> log
> TCP connection start and stop timestamps.

Wait, ISPs will _not_ log TCP connections (in general). Do you have  
any reference for that assumption? All sources I know don't let any  
doubt that ISPs will _only_ keep data, which they log anyways, that is  
which IP has been assigned to which user at which time. And even this  
information has to be deleted immediately after the internet  
connection (access, not TCP!), if it is not necessary for billing  
(flat rate contracts). This has been confirmed by German courts  
already. And this is in clear contradiction to the new data retention  
law. So it will be very interesting how this will continue, since it  
is assumed by many, that the data retention law violates the German  
constitution.

> point. According to our research if an attacker manages to get data  
> from
> both sides, this appears sufficient for linking the user to the  
> website.

According to Raccoons calculations some weeks ago this isn't so easy  
as it seems. Did you do experiments in the real Tor network?


Regards,

Sven

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2415 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20081019/02328118/attachment.bin>


More information about the tor-talk mailing list