Add research idea for bandwidth related anonymity set reduction
Attack:
- The target hosts a hidden service.
- A linguist determines, the target is living in country X.
- Or it's a blog about things in country X.
- Thus, the assumption that the target's hidden service is running in country X has a high probability to be true.
- Easy to research (example): the fastest A Mbps line is only available in a very few parts of the country. Maybe only in one city. Most people have B Mbps and a few one still an old contract with the slow C Mbps.
- The adversary buys lots of servers in different countries, installs Tor on those servers and uses Tor as a client.
- The adversary can build now lots of circuits from geographical diverse places and probes the server by connecting to it's hidden service. The adversary can now accumulate how much down/upload speed the hidden service can provide.
- Thus, the adversary knows now something more about his target and if A Mbps is only available in a few places he has nailed down the amount of suspects.
Another unrelated open question:
- Preliminary consideration: Unless stream isolation is used, exit relays can correlate different activity from one user.
- Can exit nodes differentiate "This is the user who keeps on reading some.site with a A Mbps line vs this is the user who keeps reading some.site with a C Mbps line line?"?