Users Get Routed: Traffic Correlation on Tor by Realistic Adversaries

Johnson et al (2013) Users Get Routed: Traffic Correlation on Tor by Realistic Adversaries
-http://www.ohmygodel.com/publications/usersrouted-ccs13.pdf

 

Well that's depressing.

 

Will this encourage the people who run tor to change things

 

Yes, I'm sure that they're on it.

 

Indeed.

There are some good aspects, though. Based on a first read:

• it's safest to just use ports 443 and 80
• it's least safe to BitTorrent
• short sessions are safer than long ones
• changing entry guards less often is better

I'm tempted to conclude that incorporating Tor into a nested VPN chain is at least neutral, and might even help. That's because entry connections are overall more at risk than exits, and because VPN connections through Tor typically use port 443. But I need to reread it a few times

Also, it's important to keep in mind that VPNs would be far more susceptible to the attacks that they're modelling.

 

I wonder if the boffins at torproject.org know about or have read this report and what they are planning to do about it, if anything?

-- Tom

 

When your potential adversaries have nearly global real time access to the networks you have to use, including most of the ISPs, and your software has to run on multiple operating systems, including one that was designed to spy and leak, there's only so much that you can do.
https://blog.torproject.org/blog/deterministic-builds-part-one-cyberwar-and-global-compromise

 

I saw it on tor-talk. The authors are part of the Tor research community. I'm sure that Tor developers had drafts, and they probably reviewed it. At least one of them, Paul Syverson, helped invent Tor.

 

Snoops can identify Tor users given enough time, experts say.

-- Tom

 

Today I learned what boffin means.