Comment by donmcronald a day ago
> Surely eventually I'm going to get a hit where all three nodes in the circuit are my nodes that are logging everything?
If you're looking for static assets, why would you need to see the whole chain? Wouldn't a connection to a known website (page) have a similar fingerprint even if you wrap it in 3 layers of encryption? Does Tor coalesce HTTP queries or something to avoid having someone fingerprint connections based on the number of HTTP requests and the relative latency of each request?
I've always assumed that, if a global adversary attack works, you'd only need to watch one side if you're looking for connections to known static content.
I don't know much beyond the high-level idea of how Tor works, so I could be totally wrong.
If I don't know the whole chain (or I don't use a timing attack with a known guard and exit node) then I don't see how I'd know who sent the packet in the first place. The person in the chain would connect to a random Tor guard node, which would connect to another random node which would connect to my evil exit node. My evil exit node would only know which random Tor node the connection came from but that's not enough to tell who the original person was.