Comment by HDThoreaun 2 months ago
Each server is only used by a single operative though, how do you even find which IP to analyze? The story with Tor and espionage is that if an asset connected to a CIA website, the gov, which monitors internet access, would know they went to the site. Even if it's not a public site, they just need to have one operative defect and tell them the site and they can catch all the other operatives who use it. But if everyone connects to a different IP I don't see how traffic analysis helps you discover who is connecting with the CIA.
> But if everyone connects to a different IP I don't see how traffic analysis helps you discover who is connecting with the CIA.
I assume that they're connecting multiple times with the CIA - it's not just a one and done drop. That's trivial to look at - if you see someone connecting repeatedly to an IP address that doesn't associate with any known website/service and you see them do it consistently then that's suspicious.
Maybe if the IP addresses rotated it wouldn't be as noticeable, but if you're going over the clearnet then you can't disguise the IP address you're connecting to (short of proxies but then you're giving up the IP address of the proxies).