Traffic analysis
Traffic analysis applied to the internet allows governments to:
- Know what websites someone visits and thereby what interests or beliefs someone has
- Link people together because of communication between their computers
- Link people together because they visit the same website that has only a few visitors
- Link people together because they communicate with the same computer during the same period
Traffic analysis requires a high degree of access to internet infrastructure, e.g. ISPs and major internet hubs. This is easily possible for the government of a single country and, with the vast resources of the NSA and GCHQ, it is practical for a large proportion of the entire internet.
The Tor network aims to thwart surveillance by traffic analysis by routing messages through multiple nodes in multiple countries. However, traffic analysis will still provide some information:
- It can identify all the nodes in the Tor network (around 6000 in 2015)
- It can identify the IP addresses of all computers that send messages via the Tor network
- It can identify the destinations of messages (but only as a set - not the destination of individual messages)
There is at least one scenario where traffic analysis could link a Tor user to a destination. Suppose the following:
- the only internet activity on the Tor user's machine is visiting a single website
- the website receives very little traffic - typically only one visitor at a time
- the opening web page requires, say, 10 HTTP or HTTPS requests to retrieve it, e.g. the HTML page, a CSS file and 8 images on the page
- the user pauses to read the page, then loads another page causing a similar flurry of requests etc.
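Why each of these assumptions matters can be shown with a small timing model. The following is an added example, not part of the original page: it groups packet times into bursts and scores how completely a client's bursts pair up with a site's bursts. All timestamps, the 0.4 s latency and the function names are constructed for illustration.

```python
# Added illustration; all timestamps below are constructed sample data.

def bursts(times, gap=2.0):
    """Group event times (seconds) into bursts; return each burst's start time."""
    starts, last = [], None
    for t in sorted(times):
        if last is None or t - last > gap:
            starts.append(t)
        last = t
    return starts

def link_score(client_times, server_times, max_delay=1.5):
    """Share of bursts that pair up (client burst, then a server burst within
    max_delay seconds), relative to the busier side. 1.0 = every burst pairs."""
    cb, sb = bursts(client_times), bursts(server_times)
    if not cb or not sb:
        return 0.0
    hits = sum(any(0 <= s - c <= max_delay for s in sb) for c in cb)
    return hits / max(len(cb), len(sb))

def page_load(start, requests=10, spacing=0.1):
    """One page view: a flurry of `requests` packets beginning at `start`."""
    return [start + i * spacing for i in range(requests)]

def loads(starts, delay=0.0):
    """Packet times for a series of page views, shifted by `delay` seconds."""
    return [t for s in starts for t in page_load(s + delay)]

DELAY = 0.4                                    # assumed latency through the network
user_a = loads([0, 40, 95])                    # user A reads three pages
user_b = loads([10, 60, 130])                  # unrelated user, different site
quiet_site = loads([0, 40, 95], DELAY)         # site whose only visitor is A
busy_site = quiet_site + loads([20, 55, 75, 110, 140])  # same site, more visitors
user_a_noisy = user_a + loads([15, 70, 120])   # A also has other internet activity

if __name__ == "__main__":
    print("A vs quiet site       :", link_score(user_a, quiet_site))
    print("B vs quiet site       :", link_score(user_b, quiet_site))
    print("A (other activity)    :", link_score(user_a_noisy, quiet_site))
    print("A vs site with others :", link_score(user_a, busy_site))
```

The score is perfect only when all of the listed conditions hold; extra activity on the user's machine or extra visitors on the site each dilute the match.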