
/d/OpSec

15,203 subscribers

Discussion about OpSec, Threat Models, Protection, Assessment and Countermeasures.

timestamps linking to TOR activity. A valid concern?

by /u/mangomang · 4 votes · 2 weeks ago

(For context, I'm in Australia.)

Main thing I worry about with a Wi-Fi/Tails connection at home is TOR timestamps linked to activity on the markets.

What I mean about timestamps is that if I am connecting to TOR and then operating on the markets, I could see how my ISP could log internet activity (that is going through TOR), which could then be linked with actions on the markets. I'm talking about logins, message sending, and other operational processes on markets.

This is especially true if a market was compromised or running as a honey pot.

Don't know if the timestamp scenario is a valid concern?

One thought is to have a burner phone with an anonymous SIM, that I can connect my laptop to via the phone hotspot. This will prevent any association with TOR access via my home ISP. Though with the burner, if I am using it at home for TOR access, then I do worry about location tracing through the 3G towers. How accurate is location via these towers?

Another idea is to run a Monero node over TOR or even a TOR node/relay so that I have a constant TOR connection, which would hopefully hide my activity. I am guessing data activity would spike whenever the node/relay is used by another person connecting to it? So therefore my use would be somewhat obfuscated.

Perhaps I should be using TOR bridges? But I can never get these to connect...

Any thoughts on any of this?

Comments (4)
/u/Gostu · 1 votes · 2 weeks ago · Link

https://www.whonix.org/wiki/Time_Attacks

/u/y4rr4k · 1 votes · 2 weeks ago · Link

Don't forget that if you use the same bridges in different locations it can lead to de-anonymization

/u/Ryanfrmtheo · 1 votes · 2 weeks ago · Link

Unlike the rest of the people, I appreciate you taking the time to describe your threat model. If you wish to avoid time-correlation attacks in your case, you should use a meek-azure bridge, which is quite slow and sluggish but almost undetectable as Tor traffic since it utilizes domain fronting, as opposed to obfs4 and snowflake traffic, which are easily identified as Tor traffic. Of course, another alternative is to utilize a VPN.

/u/HeadJanitor Moderator · 1 votes · 2 weeks ago · Link

There are right now 14 attacks that are being studied or at least that I am examining. Some more fruitful than others. In short, if you only use Tor for hidden onion services you are safe and the benefits of obfs4 are phenomenal.