[tor-talk] on the topic of tor's weaknesses

Sebastian G. <bastik.tor> bastik.tor at googlemail.com
Sat Feb 25 18:26:46 UTC 2012


Chris Wheeler, 25.02.2012 18:06:
> I have been reading a lot about end-to-end correlation attacks on tor. I am
> writing a paper on the subject and have a question which I can't seem to
> find an answer to. I understand these attacks rely on the attacker being
> able to view the traffic of the first relay a client is connecting to and
> the exit server. At this point they could make a correlation of what exit
> traffic is specific to that client based on statistical analysis. My
> question is: since bridges are just entry-point relays, If one could be
> certain that they were connecting to a bridge that is not compromised (for
> instance, if they themselves controlled the bridge), would they then be
> protected from such an attack?
> 

IMO not, since the first and last hop don't need to be compromised. An
attacker just needs to watch the traffic without being part of the
network. e.g. an ISP that hosts a bridge (or any other first hop) and
the exit. It's most likely that government will seek assistance from ISPs.

When I connect to a bridge an attacker could still see the traffic going
from my client through the exit. The only point is that bridges are not
listed so an attacker would need to know that I use a bridge.

A normal entry node is listed so an anyone could simply look if that IP
I'm connecting to is related to the Tor network. With bridges one needs
to know or guess that I'm using Tor.

I'm not sure how obfsproxy will affect the traffic flow.

Please note that I'm not involved in the Tor development process nor a
Tor official. You shall treat this as opinion/pov of a random dude.
Anyone with better knowledge should speak up and correct me.

Regards,
bastik_tor


More information about the tor-talk mailing list