[tor-talk] Danish data retention on steroids

Niels Elgaard Larsen elgaard at agol.dk
Fri Jan 29 15:57:11 UTC 2016

I come from a meeting in the Danish ministry of Justice this afternoon,

They plan to reintroduce the data retention of Internet sessions.

It was scrapped in 2014 after the European Data Retention Directive was
declared invalid by the Court of Justice of the European Union.

But now Denmark plans to require data retention much more invasive than
both the old directive and the pre 2014 danish implementation of.

The most technical interestion points are:

* Logging of session (e.g. a TCP connection), IP addresses and ports in
boths ends.
* Timestamps
* NAT mapping
* Session volume (number of bytes)
* Geo position of mobile data sessions

The volume logging is a new idea.

So for TOR:

1. Tor would kill this right at the entry-node? Even a user fired up
TorBrowser, typed in http://example.com/foo.mp4, watched the video and
closed the brower, there would be enough negoitiation to obfuscate the

2. If a Tor user in Denmark, even using all non-Danish Tor nodes post
something using HTTP POST to a public blog, even one outside Denmark:
could the TOR user be identified given that probably what he posted is
public as well as the timestamp and that the size of POST can be
trivially calculated?

3. How many Danish Tor nodes in a circuit would you be comfortable with?

Niels Elgaard Larsen

More information about the tor-talk mailing list