Comment by cookiengineer 19 hours ago
The issue that TOR has is that it's a layered routing concept that won't respect ASN-based spreading/scattering of traffic.
Circuits are temporary but the traffic is not scattered across the network to make MITM fingerprinting of request/payload sizes/timestamps impossible.
A typical MITM like the FBI surveillance van next door can identify you by observing the network packets and by _when_ they were requested and by _how large_ the payloads were. There was a famous court case where this was enough evidence to identify a user of an onion service, without the FBI having access to the Wi-Fi of the user. But they had access to the exit node logs that were encrypted, the pcap logs to the onion service from that exit node, and the encrypted Wi-Fi packets of the user.
(Also, TLS lower than 1.3 and SNI-related problems are relevant here, because DNS TTL 0 effectively makes everyone's privacy compromised; shame on you if you set a DNS TTL to 0.)
My point is that with more randomized hops across the network and across ASNs it would be less likely that a threat actor can control both guard and exit nodes.
(Assuming that they parse RIR datasets to map organizations across ASNs, which the datasets already provide)
Would an Ethernet cable plugged into your ISP router defend against the above-mentioned surveillance (i.e., no WiFi snooping)? Or did the FBI PCAP at the ISP?
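The constraint cookiengineer's comment argues for (guard and exit under different operators, with ASNs mapped to organizations) can be sketched as a path-selection check. This is an added example, not part of the thread and not Tor's own path selection; the relay names, the AS numbers (documentation range) and the ASN-to-organization mapping are constructed.

```python
import random

# Constructed ASN -> organization map, standing in for what could be derived
# from RIR datasets. AS numbers are from the documentation range (RFC 5398).
ASN_ORG = {64496: "org-a", 64497: "org-a", 64498: "org-b",
           64499: "org-c", 64500: "org-d"}

# Constructed relay list: (nickname, ASN, flags).
RELAYS = [
    ("r1", 64496, {"Guard"}),
    ("r2", 64497, {"Exit"}),          # different ASN than r1, same organization
    ("r3", 64498, {"Guard", "Exit"}),
    ("r4", 64499, set()),
    ("r5", 64500, {"Exit"}),
    ("r6", 64496, set()),
]


def org_of(relay, asn_org=ASN_ORG):
    """Organization behind a relay's ASN; an unmapped ASN counts as its own org."""
    return asn_org.get(relay[1], f"AS{relay[1]}")


def pick_circuit(relays, rng, asn_org=ASN_ORG):
    """Return (guard, middle, exit) with three distinct organizations, or None."""
    guards = [r for r in relays if "Guard" in r[2]]
    rng.shuffle(guards)
    for guard in guards:
        # Comparing ASNs alone would accept r1 + r2; compare organizations instead.
        exits = [r for r in relays
                 if "Exit" in r[2] and org_of(r, asn_org) != org_of(guard, asn_org)]
        rng.shuffle(exits)
        for exit_relay in exits:
            used = {org_of(guard, asn_org), org_of(exit_relay, asn_org)}
            middles = [r for r in relays if org_of(r, asn_org) not in used]
            if middles:
                return guard, rng.choice(middles), exit_relay
    return None  # no circuit satisfies the constraint


if __name__ == "__main__":
    circuit = pick_circuit(RELAYS, random.Random(1))
    print([(name, asn, org_of((name, asn, flags))) for name, asn, flags in circuit])
```
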