Tor Start/Stop times as a side channel attack


last year
This isn't a warning, per se, just something I've been thinking about.

Say you're about to use Tor to post a message online. A message that could make you very powerful enemies. You fire up Tor browser, send your message, shut it down, and maybe even uninstall Tor browser for good measure.

But here's the potential problem, how many other people in the world started Tor just before your message was sent and closed it just after? Say we allow a 10-minute window on either side, I would think that could be fairly identifying. What I'm not so sure about is how easy it would be for someone to determine when you start and stop Tor.

I do know that if you have Tor configured to run as a relay that information is broadcast publicly, so this is very definitely a concern. You should keep your relay on most or all of the time, not just when you're using Tor yourself.

But other than that scenario, can anyone think of ways this information could leak? I'm really not sure of how conspicuous a non-relay Tor instance is on the network. I would suspect the start-up time would be more visible than the log-off time due to the amount of information that has to be downloaded when it first syncs up, but I'm just speculating now.

Reply

You are not logged in. Login or register to reply on this thread.