top | item 41593518

(no title)

technicly this is the only comment in this chain that is relevant to the featured article, but it's technicly so incomplete that it's almost wrong, I can tell from having read the thread and knowing next to nothing else about how TOR works.

They don't have plausible evidence to subpoena the guard node if a middle node only sees encrypted traffic. They would also need to control the exit nodes which communicate with the target's host or they simply control the host as a honeypot.

discuss

immibis|1 year ago

Because the victim was an onion server, they could make it generate new connections at will. They used timing correlation to determine their node was the middle node for their connection.

posterboy|1 year ago

assuming the guard node connects to the host when the host communicates with the client, this makes a little more sense. If I understand correctly you are saying that they did not seize a boat load of unrelated nodes and have rather fluxcompensated it with "timing correlation" and infinite funds.

Ad hominem: your username spells out MIB, Men in Black, surely you are joking.