From http://thestack.com/chakravarty-tor-traffic-analysis-141114: Related thread: good stuff about low-latency anonymity networks.
That was a good read. If anyone runs into a slightly more "tech" overview of this I'd love to read it through. I have an interest in learning what (if any) pre and post TOR circuit configurations might be used to impede this "attack". MrBrian, your title mentioned router information stuff but the linked article sort of leaves me hanging on that. Did you mean "routing" information or the physical router software on the victim client's network? It appears to be routing and not router but I am kind of dense so I am asking? LOL!
See https://blog.torproject.org/blog/traffic-correlation-using-netflows. I also recommend his PhD thesis: Sambuddho Chakravarty (2014), Traffic Analysis Attacks and Defenses in Low Latency Anonymous Communication, http://www.cs.columbia.edu/~angelos/Papers/theses/sambuddho_thesis.pdf
It's funny that they've focused on his Netflow stuff. I find his LinkWidth tool to be far more disturbing. Basically, you can remotely measure traffic on any accessible server.
That title is the title of the linked article. I don't have any additional information except that, in case you missed it, the link in the first post links to a paper.
But I guess using a VPN would complicate matters. What if you had one VPN on your real machine playing videos online while a VM is connected to a different VPN and the TBB?
"But I guess using a VPN would complicate matters" I don't think it would complicate it a lot. Except that it would require the cooperation of your ISP for the final hop (and your IP address). It's not only Netflow that's the issue here (although that might be the most useful for the last section), their other probes are probably more dangerous because they can be active as well.
OK so even TOR users are not completely safe. I do wonder though why regular users would want to use TOR, is it purely about privacy?
Clearnet users (non-TOR) cannot even see 10% of the world net. Admittedly you miss the super bad don't need to see it stuff, but you also miss lots of other stuff. btw - the article in this thread has seen much rebuttal. I've read about it in the Airvpn forums and elsewhere. Middle thread MrBrian also posted a comment by the author lowering the out of proportion response to this information. I don't want to sound gullible either though. I still keep TOR on a leash with VPNs and encryption past the exit node. Rasheed187 - yes for me it's all about privacy in the sense that even if someone was standing next to me, there would be no major crime to grab me for. And as I said above; I cannot access outside of clearnet unless I use TOR.
I'm not sure if I understood you correctly, but personally I don't see the need to hide all of my tracks, when I'm not even doing anything illegal. On the other hand, I do sort of care about privacy, I'm already using script/tracking blockers (mostly for speed) and I would also like to hide my IP, so that people can not locate you. Always handy if you get into some argument online. But I've read that "proxies" will slow down browsing, so I passed.
Isn't this a typical timing attack of matching traffic flows coming out of exit servers and comparing it with traffic going into entry nodes? I thought this problem has always been there and isn't new.
What's new is the capability to do it remotely, without local network access, using tools like LinkWidth and public Netflow data.
Well Netflow's been around for ages, I'd say what's really new (assuming this is the way it's being done, at least in part) - is the scope and industrial scale of these kinds of possibilities - IOW, the mastering/subversion of the internet.
It seems that many network engineers don't care much about privacy and such, and just want better tools for analysis and management. And then there are clever folk who subvert such tools.
I did a major Netflow project for an ISP - for legitimate analysis and management reasons - in the late 90s and was acutely aware of privacy issues associated with it. AND - color me naive - I never ever thought they would be so stupid as to go down the road of mass surveillance using these techniques or with probes. I suppose that makes me the fool, no? I still think it is extraordinarily stupid and shortsighted actually (as well as hugely scary), because, within 5-10 years, it's more or less guaranteed that products and services will become available that will be very hard for the security services to inspect. As you sow....