Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
Trac
Trac
  • Project overview
    • Project overview
    • Details
    • Activity
  • Issues 246
    • Issues 246
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • Operations
    • Operations
    • Metrics
    • Incidents
  • Analytics
    • Analytics
    • Value Stream
  • Wiki
    • Wiki
  • Members
    • Members
  • Collapse sidebar
  • Activity
  • Create a new issue
  • Issue Boards

GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

  • Legacy
  • TracTrac
  • Issues
  • #6473

Closed (moved)
Open
Opened Jul 27, 2012 by proper@proper

Add research idea for bandwidth related anonymity set reduction

Attack:

  • The target hosts a hidden service.
  • A linguist determines, the target is living in country X.
  • Or it's a blog about things in country X.
  • Thus, the assumption that the target's hidden service is running in country X has a high probability to be true.
  • Easy to research (example): the fastest A Mbps line is only available in a very few parts of the country. Maybe only in one city. Most people have B Mbps and a few one still an old contract with the slow C Mbps.
  • The adversary buys lots of servers in different countries, installs Tor on those servers and uses Tor as a client.
  • The adversary can build now lots of circuits from geographical diverse places and probes the server by connecting to it's hidden service. The adversary can now accumulate how much down/upload speed the hidden service can provide.
  • Thus, the adversary knows now something more about his target and if A Mbps is only available in a few places he has nailed down the amount of suspects.

Another unrelated open question:

  • Preliminary consideration: Unless stream isolation is used, exit relays can correlate different activity from one user.
  • Can exit nodes differentiate "This is the user who keeps on reading some.site with a A Mbps line vs this is the user who keeps reading some.site with a C Mbps line line?"?
To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information
Assignee
Assign to
None
Milestone
None
Assign milestone
Time tracking
None
Due date
None
Reference: legacy/trac#6473