[tor-talk] Risk of checking multiple accounts with TorBirdy

Mix+TB Test mix.tb at yandex.com
Sat Jan 4 13:03:37 UTC 2014


dhanlin:
> Sebastian G. <bastik.tor>:
>> 04.01.2014 09:05, dhanlin:
>> It also depends on where and who your adversary is.
> 
> The adversary I had in mind was a malicious exit node administrator.  If
> all e-mail accounts are accessed using the same circuit, it seems the
> exit node would see the near simultaneous connections (assume encrypted)
> to various e-mail servers, and even with one occurrence suspicion could
> be developed that the accounts accessed are linked.
> 
> Suppose I check simultaneously:
> - john.doe at yandex.com
> - jane.doe at gmail.com
> - my.actual.name at my.server.org
> 
> If the adversary wants to create a database linking many e-mail accounts
> accessed over Tor using secure connections, they could collect
> simultaneous e-mail account accesses from their exit node.  When the
> combination of the servers accessed simultaneously is distinct (e.g.
> yandex.com + gmail.com + my.server.org), the accounts can be linked,
> even if their account names are unknown.  (The actual account names
> could be found out retrospectively, for example by subpoena of gmail.com
> accounts accessed at a certain time.)

The exit node admin should only be able to see which email services you
are talking to, not the address you are using (assuming end-to-end
encryption). And even then they are only going to see it when you exit
through that node, which should not be all the time.

So worst case is that they can see three simultaneous connections to
different providers, not which addresses are in use.

