Hello.
Tor at 1AEO wrote:
NetFlow-style data is not neutral from a privacy perspective. While it
doesn’t include payloads, it does expose timing, fan-out, retry
behavior, and correlation patterns. When retained or disclosed —
intentionally or otherwise — that metadata can reveal Tor traffic
characteristics and failure-mode behavior that would not exist at all
if such flow data were not collected.
Most uses of NetFlow are not "monitor timing on all packets" but things
like "give statistics on one out of every N packets". When N is large
enough, it's not practical to use it for traffic correlation attacks in
that situation. Not that everyone runs it in sampled mode, of course...
Not to mention, there's no reason to suggest that Hetzner got any of
that information from NetFlow itself. They could have simply gotten it
from a set of Netfilter (e.g. iptables) rules running on the host node
that log whenever certain behavior is detected. If anything, that would
be more plausible as it does not require exporting traffic when the host
node itself is perfectly capable of doing analysis on its own.
I agree that widespread use of NetFlow (and cflowd and all that jazz) is
an issue, but I disagree that Hetzner's ability to detect certain types
of traffic behavior indicates use of NetFlow or any similar technology.
Regards,
forest
_______________________________________________
tor-relays mailing list -- tor-relays@lists.torproject.org
To unsubscribe send an email to tor-relays-leave@lists.torproject.org
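As an added illustration of the sampling point made in the reply above (example code, not from the thread or from any NetFlow implementation): a small Python model of 1:N packet sampling. It assumes each packet is exported independently with probability 1/N (random sampling; some exporters sample every Nth packet deterministically instead) and uses constructed flow sizes, so an operator can see how few packets of a given flow a sampled exporter ever records at a given N.

```python
import math
import random


def sampled_packet_count(flow_packets: int, n: int, rng: random.Random) -> int:
    """Simulate 1:N random packet sampling for one flow.

    Each of the flow's packets is exported with probability 1/N; the
    return value is how many packets the collector actually sees.
    """
    p = 1.0 / n
    return sum(1 for _ in range(flow_packets) if rng.random() < p)


def prob_at_least(flow_packets: int, n: int, min_samples: int) -> float:
    """Exact probability that at least `min_samples` packets of a flow of
    `flow_packets` packets are exported under 1:N random sampling.

    This is the upper tail of a Binomial(flow_packets, 1/N) distribution:
    1 - P(fewer than min_samples packets sampled).
    """
    p = 1.0 / n
    below = sum(
        math.comb(flow_packets, j) * p ** j * (1.0 - p) ** (flow_packets - j)
        for j in range(min(min_samples, flow_packets + 1))
    )
    return 1.0 - below


def survey(flow_packets: int, rates=(1, 100, 1000, 10000), min_samples: int = 10) -> dict:
    """For each sampling rate N, the chance that a flow leaves at least
    `min_samples` exported packets behind (i.e. enough to say anything
    about its timing at all). Flow sizes here are constructed inputs."""
    return {n: prob_at_least(flow_packets, n, min_samples) for n in rates}


if __name__ == "__main__":
    rng = random.Random(1)
    # Constructed example: a short flow of 500 packets.
    for n in (1, 100, 1000):
        print(f"1:{n} sampling, 500-packet flow -> "
              f"{sampled_packet_count(500, n, rng)} packets seen")
    # Probability such a flow leaves 10 or more sampled packets per N.
    for n, prob in survey(500).items():
        print(f"N={n:>5}: P(>=10 sampled packets) = {prob:.4f}")
```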