Does the fake network traffic help?

If the website and the ISP work together and measuring your network traffic, is it dangrouse for your Tor identity?

If I fake the network traffic by keeping refreshing the website, is that harder for analyst to detect my real IP address and the website I visit?

 

Tor traffic is padded so you can't deduce from packets which sites they correlate with. There's so much traffic going on it's unlikely anyone can succeed in timing attacks. I suggest you run tor relay bridge on your computer so other people route traffic through your computer. That way no one can tell if your computer is the origin of packets that end up to certain web page.

 

They can't be 100% sure that's you, but see this case.

http://yro-beta.slashdot.org/story/...-bomb-hoax-perpetrator-caught-despite-tor-use

 

I'm pretty sure that they did not in fact trace him. They just knew that it was most likely a student who made the threat. And they knew whoever made the threat was using Tor. So they checked the University ISP to see who was using Tor at that time. There was one guy at the University using Tor. So they questioned him and looked at his computer and he confessed. Had he connected to a VPN first, they would not have known that he was using Tor.

 

TOR over VPN is a great idea and its so easy to do!!

 

Yes Or Tor via VPN via SSH, stunnel or obfsproxy (obfs3 or maybe better, scramblesuit).

 

That doesn't really hold true for a bridge. Running a bridge will increase traffic from your PC into the Tor network, not to websites. Tor exit nodes make all of the connections to websites.

 

How to use scramblesuit bridge? If just copy scamblesuit line to the bridge field in Tor Network Setting of Torbutton , there will be an error saying the bridge line did not parse

 

I couldn't run relay at the age of Vidalia because I had to use proxy or bridge to connect to the Tor network

Government will know the time you using internet, or maybe the time you using computer, or the time you sleep, traffic rate can leak how much you addicted to the internet, if you don't fake the traffic.

 

I'm not sure what you mean by "age of Vidalia". Is Tor legal where you're at? How you deal with government monitoring will depend primarily on the country that you're in, and what is and isn't legal there. Here in the US, Tor is legal. Although legal, using it or running a relay/exit could still make you a "person of interest", get you on a watch list, or expose you to harassment and intimidation. You have to weigh the risk vs benefit for yourself.

I question the concept of fake traffic. It doesn't matter if the traffic you create is to sites that you actually use or if it's automated rechecking of a list of random bookmarks. The traffic is all real and it is all yours. It wouldn't be difficult to determine which ones are automated. As a Tor exit node, my traffic is a tiny percentage of the actual traffic leaving my IP. The government could work through my ISP, comparing the inbound and outbound traffic to determine which is actually mine (and find nothing of value in the process). I don't doubt that they can monitor all of any individuals traffic, but they can't do this with everyone. If 10% of the people started relaying traffic, their surveillance system would be completely swamped. As it stands right now, there's less than 900 exit nodes total, scattered around the globe. All of the traffic on Tor connects through those 900 exits. If you can legally run a relay or exit, you'll see lots of other legitimate traffic and your own will largely disappear into it.

 

If you run a non-exit relay, I totally agree with this. All of your traffic that's using Tor, plus all of the Tor traffic that your relay is forwarding, remain within the Tor network. If you run an exit relay, on the other hand, you also have traffic from others exiting the Tor network to destination sites. And, unless you specify your own exit for your Tor traffic, arguably none of your Tor-using traffic will exit from your Tor relay. Do I have that right?

If that's so, operating a Tor exit doesn't increase the anonymity of your Tor-using traffic. It just makes you more interesting to the Watchers. And of course, it's a public service, as it helps provide better anonymity to all other Tor users.

 

I may have misread the question.
If you're running a non-exit relay and running your own traffic into Tor, your own traffic will largely disappear. An adversary would need to compare inbound and outbound traffic, looking for outbound traffic with no corresponding input traffic. They'd also have to rule out the traffic of Tor itself, the contacting of directory nodes, etc.

If you're running an exit relay, your own non Tor traffic would blend into the rest of the traffic exiting your system. It would require the same type of inbound vs outbound comparisons to determine which if any is yours. Exit relays can also function as middle and entry nodes. I regularly see connections from mine to to other relays but nowhere near as many.

In both cases, an adversary has to monitor all of the inbound and outbound traffic, then perform a timing comparison in order to determine which traffic is yours. This comparison is more difficult for exit nodes where a single inbound connection can result in many outbound connections to a site, the ads on the site, etc. As a middle relay, it's usually one to one with the quantity being the main difficulty.

 

@noone_particular

Thanks for the clarification

As much as I love privacy, running a Tor exit at home would be too much of a red flag. I do use VPNs, of course, but a Tor exit might lead to a visit from XYZ. And then there might be questions about passwords etc.

If there were VPS providers that allowed Tor exits, and also accepted Bitcoins, I might go for it. But it seems that there aren't too many such providers. Indeed, it almost seems like providers that allow Tor exits are more likely to want verified information about customers.

 

For me, the situation is almost completely reversed. My internet usage is primarily for information purposes, technology, alternate news sources, forums, etc. There's very little online activity that I need to conceal. There's no financial or medical data or traffic. No social media save for forums like this one. I never have used a VPN. I very seldom use Tor for myself. Nothing I do requires it. My passwords would gain them nothing unless they wanted to impersonate me for some reason. The possibility of harassment exists but making a charge stick would be much harder. As far as becoming a person of interest, I most likely crossed that line 10 years ago. The way I see it, there is no completely safe way to oppose mass surveillance. Running an exit is something meaningful that I can do that is legal.

 

I agree. I would touch a Tor exit node with a 10 foot pole. I have heard of stories of LE crashing people's doors down and throwing them on the ground. Screw that!

 

I don't deny that it could happen. That said, I also believe that the threat of it is deliberately hyped as a form of intimidation. The more the possibility is presented to people and the more often it's repeated, the more real the risk appears. IMO, they publicize such events to convince people not to run Tor exits.