[tor-talk] Network Analysis of Overlay Networks, Capabilities, Fill Traffic [was: VPN less safe?]

juan juan.g71 at gmail.com
Wed Jan 27 18:56:43 UTC 2016


On Tue, 26 Jan 2016 18:49:53 -0500
grarpamp <grarpamp at gmail.com> wrote:


>> virtually all the world's infrastructure is 'compromised'?  

> The USA and Soviets have decades experience tapping cables
> around the globe in a cold war sense.

	I think the paper is mostly referring to what governments
	laughably call 'lawful' interception? 


> >         Also, is there a more concrete analysis of what can be
> >         achieved by monitoring traffic on those cables?
> 
> Did you just push a bunch of packets over time into your ISP and
> have google send replies back? Well, they can see both ends, so
> they saw that traffic pattern in and out, and back in and out, so
> they know who's talking to who and when.


	I know... Notice that I'm further asking "how easy it is...to
	find users...servers" 

	But yes, my question was ambiguous. By "what can be achieved"
	I'm asking: how effective are the traffic analysis
	techniques?


	
> In addition to simple taps, they can also deploy passive or
> active nodes 

	True of course, so 'easy' becomes even easier...


> 
> Tor and other networks are good at hiding endpoints (users, servers)
> from each other,

	Something any ordinary proxy can do most of the time. Even
	ISPs/the 'interweb' by their own nature hide 'ordinary' users
	from each other.


> 
> However when it comes to such global (and regionally lucky) passive
> adversaries, and adversaries operating the networks themselves, I
> seriously doubt anyone can say with a straight face that these
> networks protect against network analysis... who is talking to
> who and when.


	In other words, Tor is a failure. Unless of course we correctly
	see it as a tool for the US military.


 
> It would be harder for that analysis to succeed against networks
> that filled between all the nodes with fill traffic 


	Yeah. Even a 10-second visit to Wikipedia sheds light on
	that...

	https://en.wikipedia.org/wiki/Traffic_analysis#Countermeasures

	"When no actual messages are being sent, the channel can be
	masked by sending dummy traffic"




> Mindset, OMG bandwidth, probably
> buzzkills most research before it gets started.

	That seems somewhat odd given the tens of thousands of millions
	of stolen money 'allocated' to 'research' every year.

> 
> Here's some recent mostly tor specific threads if anyone's interested,
> plus whatever else has come up whenever I've mentioned this.
> 
> https://lists.torproject.org/pipermail/tor-dev/2016-January/010257.html
> https://lists.torproject.org/pipermail/tor-dev/2016-January/010290.html

	Thanks.




> Users often have better knowledge of the laws, operations and
> general feel in their countries 


	That may be so. In that case we are not talking about
	'beliefs' but about actual knowledge.


> and locales and areas of expertise
> than a handful of distant project maintainers largely based
> in one geopolitical exposure might have. You can download
> science, but you need more than that to win a street fight.


