This attack has been known for years now. And tor is simply not able to defend against it without a complete redesign.
First, randomize your mac, shutdown anything that can “dial home” (updates, sync, logged in apps, etc) then connect to internet then anonymous VPN, then connect to the tor network, use an anonymized browser with NO java enabled, never download anything -copy paste text, and screen cap images-, if your network drops the popo’s are trying to do a “reconnect” attack to see if they can get an unprotected connection to the material you were looking at. Use a livedisk on USB and you likely won’t get bios level attacks, as live disks make it harder to access your bios. Source: a boring ass individual that just wants the gov off their jock strap, suck it Joe my FBI agent, you know what you did.
This looks like it was a timing analysis attack. Basically, they’re trying to figure out which user did something specific. They match the timing of the event with the traffic from the user, and now they know which user did the thing.
It can be fuzzed by streaming something at the same time, because now your traffic is way harder to time analyze when you have a semi-constant stream of data running. But streaming something over Tor is an exercise in patience, (and it’s not something the typical user will just always have running in the background) so timing analysis attacks are gaining popularity.
As I read, they used timing analysis which should be preventable by using an anonymous VPN to connect to tor and streaming something over the VPN connection at the same time. Some of them support multi-hop, like mullvad, which will further complicate the timing analysis because of the aggregated traffic.
How do you get an anonymous VPN? I see mullvad has a pay in cash option. Is that how?
Yes exactly and some providers also accept crypto.
If I understand correctly, stream isolation will route different connections through different circuits. If you’re doing two different things of a sensitive nature, open different browsers and applications, use random user-induced delays in your actions/responses and PGP-encrypt everything. And listen to what the TOR project says about the mitigations. I have some reading to do myself I guess
What else you going to use?
