[tor-talk] "Remation" -- joint GCHQ/NSA meeting on Tor

Andrea Shepard andrea at torproject.org
Fri Oct 4 23:55:02 UTC 2013

On Fri, Oct 04, 2013 at 05:43:32PM +0200, Griffin Boyce wrote:
>   There's been a really interesting document to come out of the Guardian
> todhttp://www.theguardian.com/world/interactive/2013/oct/04/tor-stinks-nsa-presentation-documenay:
> http://www.theguardian.com/world/interactive/2013/oct/04/tor-stinks-nsa-presentation-document
> Interestingly:
>   - NSA/GCHQ was fingerprinting using Flash
>   - They were wondering whether to flood the network with slow
> connections in order to discourage users
>   - Cookie leakage
>   - Timing attacks
>   - Supposed bug in TorButton mid last year
> There are some questions in my mind as to the legitimacy of this
> document -- particularly given that a slide is marked 2007, but
> references 2012. (In particular, neither Torservers nor TorButton
> existed in 2007).
> Thoughts?

I think "flood the network with slow connections" is a mis-read; they
seemed to be speaking of slow nodes that falsely advertise high bandwidth,
an attack which won't work since we now cap unmeasured bandwidths to
20 kbit/sec IIRC.

Their evident interest in this sort of thing suggests we should examine
the bwauth system more closely to be sure the node can't distinguish a
bwauth measurement from other connections, though - otherwise they could
still manipulate the path selection weights like that.

Andrea Shepard
<andrea at torproject.org>
PGP fingerprint (ECC): BDF5 F867 8A52 4E4A BECF  DE79 A4FF BC34 F01D D536
PGP fingerprint (RSA): 3611 95A4 0740 ED1B 7EA5  DF7E 4191 13D9 D0CF BDA5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 328 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20131004/0c15008a/attachment.sig>

More information about the tor-talk mailing list