Will this defeat a global adversary?

Let's say all traffic in the world is monitored and recorded by a three letter agency. Any attempt at anonymity against this global adversary is hopeless with TOR, as traffic timing will eventually reveal to the global adversary who connects where.

However, what if everybody sends streams of random data to each other continuously, and the actual data is encapsulated within these streams when the data is to be transmitted. If the servers know where the data starts and ends within each stream, does the global adversary know that too, and can therefore break the anonymity by timing comparisons?

Surely the adversary cannot own ALL servers in the world but only a percentage, given a percentage A% how many hops are enough to reduce the probability of the anonymity being broken to 1 in a 1000 or less?

 

Seriously, if your wanted by a three letter agency it's time to get off the internet and head into the mountains. Can they break TOR? Most likely. Can they break encryption? Most likely.

If you want anonymity turn off your PC .

 

I'm not wanted, it's just a technical challenge. Why won't what I suggested work?

 

Because they can systematically place nodes around people of interest to see if its you, until they move their node cluster on top of you, see your data and confirm its you.

 

The level of padding required for constant traffic among all nodes would be impractical. Also, adding new nodes would be complicated, and trivially detectable.

That said, it seems that the Tor Project is considering better padding. See -http://www.mail-archive.com/tor-bugs@lists.torproject.org/msg27756.html- for example.

The best defence against timing attacks is high latency.

 

An additional layer or four might be added:
Layer 1 - utilise several WiFi nodes beaming from the originating computer to Access Point 1 then to another on a different network and then another etc. (Keep in mind the distance record for WiFi is over 380km/237mi. at a sustained 3Mbs.)
Layer 2 - utilise a small programme which delays by random time each transmittal from the originating computer.
Layer 3 - optionally be connected to more than one network at a time and transmit only some requests through each switching networks often
Layer 4 - utilise a different cryptographic algorithm for each transmittal having arranged for syncing with the receiving points ahead of time (each receiving point would switch encryption methods and codes often and each being very long)

 

What you want can't be achieved easily. you need lots of money which I doubt you have. Even the best hackers get caught, so with that in mind tread carefully. I might add the world is a very nasty place, so use the information you learn carefully.

I'm all for open discussion, everything should be open for discussion but these threads give people false ideas about anonymity and privacy.

 

Are criminal botnets any harder than TOR for a global adversary to investigate/de-anonymize?

 

Not at all.

The latest most-hidden botnets use Tor

 

Let's say this is not correct (i.e. science fiction). And that's it.
Problem solved.
Mrk

 

If a global adversary exists, then why haven't all criminal botnets been de-anonymized and their operators arrested?

Perhaps because botnets are run by the same criminals that run most governments behind the scenes.

 

Hanlon's razor: Never attribute to malice that which can be adequately explained by stupidity.

Conspiracies do not work because people are plain incompetent, hence the conspiracies.

Mrk

 

And what is the stupidity explanation for botnet operators not getting caught pronto despite claims in this thread that anonymity is hopeless against a global adversary, what is the explanation for that?

Global adversary not interested in criminals but all citizens?

 

It is your claim, and it is incorrect. If you think government clerks anywhere have the means to pull off anything more than getting confused by how to print their documents, you are deluding yourself, hence the razor. Conspiracies cannot work because if the sheet stupidity of everyone involved.

I'm done debating implausible whatifs.

Mrk

 

You are not debating, you are just saying things that apply to another universe or something: technically hopeless clerks in charge of tracking internet criminals? Not common sense in this world.

 

TLAs aka "global adversaries" obviously do exist. But their capabilities, while undoubtedly massive, are highly uncertain. And that's very intentional. They are very cautious about disclosing anything that reveals their capabilities, and/or limitations in them. I doubt that breaking up criminal botnets would be worth the risk, unless those botnets were working for strategic opponents.

 

Operation "Olympic Games" proves they have the will, the money to do covert operations or conduct cyber war.

Now Government may be the image of inefficiency but if it's one thing they have been doing for years and has served them well is to hire out to contractors.

Which they likely did in operation "Olympic Games"

 

Anyone who thinks that 3-letter agencies (both U.S agencies and their foreign counterparts, many of whom play nice with ours) don't have the capability to tap most, if not all electronic signals and networks, they're living in past times. The only thing really keeping it at bay is the same thing that started it, politics. Conspiracy theories, well, they are what they are, and most are BS. But surveillance by these agencies is not one of them. One only needs to remember AT&T to know they're very interested and capable of doing a lot. Also, one needs to remember that on Facebook alone resides a bit over 1 billion people..in a world of a little over 7 billion (without getting into the fake account numbers). That's a lot of data in one place and these agencies are crawling all over FB. Why is warrant-less wiretapping so hard to get out of law? It's probably because these agencies are doing the pushing behind the scenes for one thing, for another the locked off server rooms that were found in AT&T have more likely than not been built at other large ISPs as well (smaller ISPs being much easier to get to cooperate with them). Am I NSA? No I'm not. But it would make no sense to tap AT&T and not others.

Olympic Games is a genius move, and is likely a testing ground of sorts for upcoming operations. Cyber-warfare has been going on for some time, even before Stuxnet came along. But Stuxnet enabled and the lessons from it will enable warfare to change drastically. The whole "clerk" argument means nothing here, as the men and women behind these operations are no clerks. Government as a whole can be stupid and knee-jerk reactive, but the truly smart ones that don't get scandals named after them or show up on CNN, they can change the game. There are no real technological roadblocks in the way, just the political risk involved. For now, some of this can be avoided by using nothing but VPNs/TOR (hoping the VPNs don't get spooked by threats and you don't run into any bad TOR nodes). But we have no guarantees this will be true 5, 10 years from now. Are they "after" everyone? No, not at all. But that doesn't mean they don't have the ability if they want it. Really the tech we as users are embracing has done more to assist them than any new toy the NSA or DARPA has come up with. If you think about it, they don't have to try especially hard now to get the data they may want.