Delivery-Date: Sat, 30 Jan 2016 19:10:38 -0500
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.1 required=5.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED,FREEMAIL_FROM,RCVD_IN_DNSWL_MED,T_DKIM_INVALID,T_RP_MATCHES_RCVD
	autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 445E01E02CB;
	Sat, 30 Jan 2016 19:10:37 -0500 (EST)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 3EE2239325;
	Sun, 31 Jan 2016 00:10:29 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 1BA7A3936C
 for <tor-talk@lists.torproject.org>; Sun, 31 Jan 2016 00:10:26 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id EBwczvPxRFpf for <tor-talk@lists.torproject.org>;
 Sun, 31 Jan 2016 00:10:26 +0000 (UTC)
Received: from mail-wm0-x235.google.com (mail-wm0-x235.google.com
 [IPv6:2a00:1450:400c:c09::235])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id D70FE3911A
 for <tor-talk@lists.torproject.org>; Sun, 31 Jan 2016 00:10:25 +0000 (UTC)
Received: by mail-wm0-x235.google.com with SMTP id l66so26298767wml.0
 for <tor-talk@lists.torproject.org>; Sat, 30 Jan 2016 16:10:25 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=googlemail.com; s=20120113;
 h=from:subject:to:references:message-id:date:user-agent:mime-version
 :in-reply-to:content-type:content-transfer-encoding;
 bh=4+HxAYAt2nmAo5USt453klVcDKuEcTbKHwoYE+akwto=;
 b=duHpsHUP4G4JhIdUsdjtsjGEdD04j7okk4CqULGQwbs9TQLdWnWZz/FvFgHZOBP5wK
 wq8QH9XU9r6s7cXWXKW/jdqOvi++wQ00c//labaujE8Zz/ydjg8UJyVmmwtMH1uK0aBq
 AIni6lPNO1gGpE8QHK19GBhH9hawj7zBWuq3K3QHxqoEGADIesx4zgzb7it6av41ppCh
 k6YmMro0HwrmXhCues1KKIHMG2Kwpjp3ixGQS/zwdkPTia98yULdtJS4FKALlWVLLO3G
 sPCDmnFQHra2txFAs79/i/Jpa0V23FkEUJLvPbX1QI6ttS6WgyqJlGZ3Z9Vh7FkbbcSy
 jitw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:from:subject:to:references:message-id:date
 :user-agent:mime-version:in-reply-to:content-type
 :content-transfer-encoding;
 bh=4+HxAYAt2nmAo5USt453klVcDKuEcTbKHwoYE+akwto=;
 b=me0BiUcrT/GcpQxvvyLvZyDDu+kWHQgJZA3tGts5FeOEzk/4VU3vrXoQvaYIP0MRzL
 fYHPUUzev/iQh3Co2Z+TGAMRbCttoxnaW6e5ggTf3lohDIEBAic/CMdnRfc6RE8F2Dym
 RUTWNGCPX4ZSiwQsJ60CIkESwB5+zRa9ud9Q1pPIyWA23oVbWHTjSVgBXeBIYcx1Pk9X
 aVr8WU2467lgLT3YML8e/aBHCnpKfa+Tsoy+YPKts0nzG+20Jsg0w3Gmd7uSRGfh2g2w
 U2CdMS7kGqRZw4pE6TuktOwTmy0a8KSOV7cevQUUh2un3rokLTUOp1s1rQK2/9nnsc2W
 L+8A==
X-Gm-Message-State: AG10YOSzDJpi7ynzZfdj1ZfPXZ8fWkbwhDB7ajT+D6l+iChWTGhKdgP3I+aI0J8jdBVzAQ==
X-Received: by 10.194.161.166 with SMTP id xt6mr16757285wjb.98.1454199023039; 
 Sat, 30 Jan 2016 16:10:23 -0800 (PST)
Received: from [172.16.41.91] (195-154-136-42.rev.poneytelecom.eu.
 [195.154.136.42])
 by smtp.googlemail.com with ESMTPSA id jo6sm22198329wjb.48.2016.01.30.16.10.22
 for <tor-talk@lists.torproject.org>
 (version=TLSv1/SSLv3 cipher=OTHER);
 Sat, 30 Jan 2016 16:10:22 -0800 (PST)
From: aka <akademiker1@googlemail.com>
X-Google-Original-From: aka <akademiker1@gmail.com>
To: tor-talk@lists.torproject.org
References: <56AB8BD7.2090205@agol.dk>
X-Enigmail-Draft-Status: N1110
Message-ID: <56AD50E4.4070404@gmail.com>
Date: Sun, 31 Jan 2016 01:10:12 +0100
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101
 Thunderbird/38.5.0
MIME-Version: 1.0
In-Reply-To: <56AB8BD7.2090205@agol.dk>
Subject: Re: [tor-talk] Danish data retention on steroids
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

Niels Elgaard Larsen:
> * Session volume (number of bytes)

> 1. Tor would kill this right at the entry-node? Even a user fired up
> TorBrowser, typed in http://example.com/foo.mp4, watched the video and
> closed the brower, there would be enough negoitiation to obfuscate the
> bytecount?
> 

I assume "session volume" is the size of payload data transfered in a
single TCP session.
If a Danish Tor user visited a Danish website affected and the website
used non-multiplex http (everything before http/2 and SPDY) there would
be 30 different TCP sessions for all those pictures, scripts, 3rd party
tracker elements, etc on the website. So in the data retention database
there will be a very fine grained and timestamped traffic log of this
particular site visit, useable for traffic correlation attacks. The
situation gets even worse if the website uses some periodic push/pull
system like for example a twitter feed, creating and closing TCP
connections every few seconds.

Lots of data over one single persistent TCP connection = only one entry
in data retention database = not useful for deanonymizing Tor users.
Lots of data over many short lived TCP connections over a long period of
time = many fine grained entries in data retention database = useful for
deanonymizing Tor users.

It should also be taken into account the goverment could force the ISP
to terminate TCP connections every few seconds to increase the amount of
logs created.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

