[tor-talk] Padding effective against simple passive end-to-end correlation attacks?

adrelanos adrelanos at riseup.net
Sat Jan 26 14:57:48 UTC 2013


I'll make a simple example to demonstrate the point.

Alice lives in a country with few Tor users. Let's take Uganda as a random
example from the Tor metrics page. There are between ~40 and ~120 Tor
users per day from that country. [1] Alice likes to read a local forum
and she posts in her local dialect.

Behavior A:
Alice always starts Tor every day around the time of xx:xx:xx and checks
a forum and posts.

Behavior B:
1.) Open a Tor connection.
3.) Transfer some cover/dummy traffic. The longer the better?
4.) After some time, do the stuff (e.g. check mail, go on IRC, post on
the forum). Or, on some random days, don't do any of the stuff that is
supposed to be hidden.
5.) Transfer more cover/dummy traffic. The longer the better?
6.) Close Tor connection.

Adversary skills:
- Forcing the country's ISPs to log when and for how long someone
connects to the Tor network.
- Surveillance of the local forum, watching the forum post time stamps.
- The adversary compares the time stamp with the publicly viewable
time stamp of the forum post.
- The adversary can watch the amount of encrypted traffic between Alice
and the entry guard.

Question:
Isn't it significantly more difficult for the adversary to find out who
is behind Alice's actions, when choosing Behavior B? It gets more
difficult than just comparing time stamps?

[1]
https://metrics.torproject.org/users.html?graph=direct-users&start=2012-10-28&end=2013-01-26&country=ug&events=off#direct-users
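
An added illustration, not part of the original post: a toy model of the time stamp comparison in the scenario above, measuring how many candidates remain under Behavior A and Behavior B. The session logs (minutes since midnight), the users u1 to u3 and the 10-minute `max_lead` window are all constructed assumptions.

```python
# Constructed sample data: (user, day, tor_connect, tor_disconnect), minutes since midnight.
POSTS = [(1, 600), (2, 615), (3, 590)]  # (day, forum post time stamp)

OTHERS = [
    ("u1", 1, 500, 700), ("u1", 2, 400, 450), ("u1", 3, 580, 640),
    ("u2", 1, 300, 900), ("u2", 2, 300, 900), ("u2", 3, 300, 900),
    ("u3", 1, 598, 640), ("u3", 2, 700, 720), ("u3", 3, 100, 200),
]
# Behavior A: Alice connects shortly before posting and disconnects soon after.
BEHAVIOR_A = OTHERS + [("alice", 1, 595, 610), ("alice", 2, 610, 625),
                       ("alice", 3, 585, 600)]
# Behavior B: long padded sessions, plus one day (4) with cover traffic only.
BEHAVIOR_B = OTHERS + [("alice", 1, 420, 840), ("alice", 2, 380, 800),
                       ("alice", 3, 450, 870), ("alice", 4, 400, 820)]


def matches(session, post, max_lead):
    """True if the session was open at post time (and, optionally, began recently)."""
    _, day, start, end = session
    post_day, t = post
    if day != post_day or not (start <= t <= end):
        return False
    return max_lead is None or t - start <= max_lead


def candidates(sessions, posts, max_lead=None):
    """Intersect, over all posts, the users whose ISP-logged session matches."""
    remaining = {s[0] for s in sessions}
    sizes = []  # candidate-set size after each post
    for post in posts:
        remaining &= {s[0] for s in sessions if matches(s, post, max_lead)}
        sizes.append(len(remaining))
    return remaining, sizes


if __name__ == "__main__":
    for name, log in (("A", BEHAVIOR_A), ("B", BEHAVIOR_B)):
        tight, _ = candidates(log, POSTS, max_lead=10)
        loose, sizes = candidates(log, POSTS)
        print(name, "tight:", sorted(tight), "loose:", sorted(loose), sizes)
```

In this constructed data the tight start-time match singles out alice under Behavior A and matches nobody under Behavior B, while the looser "was connected when the post appeared" test leaves the same two candidates in both cases. How large that remaining set is depends on how many other users are connected at every post time, not on the padding itself.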

