[tor-talk] End-to-end correlation for fun and profit

Ted Smith tedks at riseup.net
Wed Aug 22 00:29:42 UTC 2012


On Mon, 2012-08-20 at 10:33 +0300, Maxim Kammerer wrote:
> Hello gentlemen,
<snip>
> [1] http://pastebin.com/hgtXMSyx

I ran this script on the current consensus. The full results (the
nodes-sniff-summary file) are below my signature. How did you compile
the country-codes to IPs list? That wasn't produced by the script.

It's comforting that this approach yields quickly diminishing returns.
Going from 25 to 60 networks only gets you a 10% increase in networks
surveillance (if I'm reading the output correctly), and returns plateau
entirely at that point (I'm considering about two percent to be in the
noise, which may not be appropriate to this domain).

Also, it's not immediately clear whether eavesdropping those networks
would actually get you strong enough correlation to accurately
de-anonymize users[1]. If our rodent(?) friend(s?) could comment on
this, I'd appreciate their expertise.

I also think that if it were possible for "unsophisticated law
enforcement" to deanonymize Tor users, they would already do it. If I
remember correctly, the Tor project gets a lot of requests from law
enforcement to deanonymize Tor users for them, which indicates that they
can't do it themselves (Andrew Lewman would be able to say if I'm
correct or not). 

I've also never heard of a conviction obtained through the use of this
material, though sophisticated TLAs might not much care. I wonder what a
search through the email dumps leaked by Anonymous in the past year for
Tor would yield. If this attack were possible in the wild, I'd expect
one or more of those contractors to be using it.

[1]
https://lists.torproject.org/pipermail/tor-talk/2008-September/019231.html


-- 
Sent from Ubuntu

1 .32%
2 2.76%
3 4.50%
4 6.30%
5 7.03%
6 9.24%
7 10.12%
8 10.80%
9 11.75%
10 14.04%
11 15.95%
12 16.24%
13 18.60%
14 23.10%
15 23.45%
16 24.84%
17 26.27%
18 27.36%
19 27.74%
20 27.74%
21 28.86%
22 28.86%
23 29.25%
24 29.25%
25 30.40%
26 30.40%
27 30.40%
28 30.80%
29 30.80%
30 31.57%
31 31.98%
32 31.98%
33 32.39%
34 32.39%
35 33.60%
36 33.60%
37 33.60%
38 34.02%
39 34.02%
40 35.26%
41 35.26%
42 35.26%
43 35.26%
44 35.69%
45 35.69%
46 36.52%
47 36.96%
48 36.96%
49 36.96%
50 36.96%
51 36.96%
52 36.96%
53 36.96%
54 37.40%
55 37.40%
56 37.40%
57 37.40%
58 38.25%
59 38.25%
60 38.25%
61 38.25%
62 38.70%
63 38.70%
64 38.70%
65 38.70%
66 38.70%
67 38.70%
68 38.70%
69 38.70%
70 38.70%
71 38.70%
72 39.15%
73 39.15%
74 39.15%
75 39.15%
76 40.02%
77 40.02%
78 40.02%
79 40.02%
80 40.02%
81 40.02%
82 40.02%
83 40.02%
84 40.02%
85 40.48%
86 40.48%
87 40.48%
88 40.48%
89 40.48%
90 40.48%
91 40.48%
92 40.48%
93 40.48%
94 40.48%
95 40.48%
96 40.48%
97 40.48%
98 40.48%
99 40.48%
100 40.48%
101 40.48%
102 40.48%
103 40.48%
104 40.48%
105 40.48%
106 40.48%
107 40.94%
108 40.94%
109 40.94%
110 40.94%
111 40.94%
112 40.94%
113 40.94%
114 40.94%
115 41.83%
116 41.83%
117 41.83%
118 41.83%
119 41.83%
120 41.83%
121 41.83%
122 41.83%
123 41.83%
124 41.83%
125 41.83%
126 41.83%
127 41.83%
128 41.83%
129 41.83%
130 41.83%
131 41.83%
132 41.83%
133 41.83%
134 41.83%
135 41.83%
136 41.83%
137 41.83%
138 41.83%
139 41.83%
140 41.83%
141 41.83%
142 41.83%
143 41.83%
144 41.83%
145 41.83%
146 41.83%
147 41.83%
148 41.83%
149 41.83%
150 42.30%
151 42.30%
152 42.30%
153 42.30%
154 42.30%
155 42.30%
156 42.30%
157 42.30%
158 42.30%
159 42.30%
160 42.30%
161 42.30%
162 42.30%
163 42.30%
164 42.30%
165 42.30%
166 42.30%
167 42.30%
168 42.30%
169 42.30%
170 42.30%
171 42.30%
172 42.30%
173 42.30%
174 42.30%
175 42.30%
176 42.30%
177 42.30%
178 42.30%
179 42.30%
180 42.30%
181 42.30%
182 42.30%
183 42.30%
184 42.30%
185 42.30%
186 42.30%
187 42.30%
188 42.30%
189 42.30%
190 42.30%
191 42.30%
192 42.30%
193 42.30%
194 42.30%
195 42.30%
196 42.30%
197 42.30%
198 42.30%
199 42.30%
200 42.30%
201 42.30%
202 42.30%
203 42.30%

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20120821/67967bca/attachment.pgp>


More information about the tor-talk mailing list