Yes, we scan

stan-qaz

I'm not sure you would need to own entry or exit nodes for traffic analysis if you owned or had access via FISA warrant to the routers that the nodes are connected to.

No reason to keep most stuff, suck it in, scan it and store the bits you are interested in an a "research" database and dump the original data. You have what you need on file and can skip the expense and hassle of storing the nonproductive stuff.

kejianshi

Well, I'd suggest that FISA is a rubber stamp and that any agency that has every asked for a warrant got one.
So, the "warrant" is neither here nor there.

Now, if every connection of every major provider is auto-logged, auto stored and can be auto sorted and later queried as described by the notorious leaksters, sure, you could put together all the hops and TOR becomes not so solid, unless a few of those TOR nodes are located somewhere that doesn't log and/or doesn't share that info.  Bad thing is that TOR has bandwidth and latency biases that would usually choose faster nodes that are closer.  One would think then that these biases are easily exploitable since for someone like me, in the USA, nodes in Havana, Tehran, and Iceland are unlikely to end up being my nodes.

Really, I think to be ideal, the nodes that you use would be best spread across in counties that hate each other and don't cooperate at all.
To my knowledge onion routing doesn't include any biases based on politics, but it probably should.

stan-qaz

For traffic analysis mid-points in the links are nice to have but only end-point access is necessary for many of the techniques to be effective. Going through nodes that do not have monitoring on their input/output routers adds to the difficulty but does not provide absolute security.

Look at it as being similar to cryptography, there is a secure way to do it (one-time pad) or less secure but possibly good enough methods (anything other than a one-time pad) that may meet your needs. Any connection where you have a knowable end-point on either end is subject to traffic analysis, you can make it harder but never reach the ideal without unknown end-points.

kejianshi

Traffic analysis?  Cryptography?  Those are real things?  (-;

Who would do such a thing?

Gradius

@kejianshi:

Traffic analysis?  Cryptography?  Those are real things?  (-;

Who would do such a thing?

I wish I could dream like this again back in 1995 when I started into Internet as a commercial way.

kejianshi

The determining factor for government intrusiveness seems not to be the constitution or any of its amendments or laws, but rather technology.

stan-qaz

A good read: http://www.spiegel.de/international/world/whistleblower-snowden-claims-german-intelligence-in-bed-with-nsa-a-909904.html

kejianshi

Another good read and reason to happily enjoy your pfsense.

http://www.dailykos.com/story/2013/06/20/1217520/-NSA-Shenanigans-is-the-CISCO-Kid-ding

NOYB

Port mirroring?  Really?  Oh please!  Is that all they have?  That article is nonsense propaganda aimed at techno-phobes.

kejianshi

Its not really that port mirroring is "bad".
Its bad if it can be remotely switched on via a back door and pointed towards destination of choice.
No technology is bad unless used in a bad way.

Well…  I guess its also bad if its use to seamlessly funnel every single bit and byte of data running across a major trunk in two directions simultaneously.  One towards destination that serves the consumer and the other for real-time ingestion at line speed and later analysis elsewhere and calling it a feature of the unit.  I don't think privacy is a privilege, but rather a right.  No one has to be licensed for privacy.  Its not something that you should have or not have at the digression of the government or anyone else.