aliclark / securedrop

GitHub repository for the SecureDrop whistleblower platform. Do not submit tips here!
https://freedom.press/securedrop
GNU Affero General Public License v3.0

The traffic analysis problem (server side) #6

Open aliclark opened 9 years ago

aliclark commented 9 years ago

Disclaimer: the attack scenario described here is highly offensive and I hope all realistic adversaries would rule it out as crossing a line. We should still defend against it.

Suppose an adversary has a) discovered the IP address of the hidden service, or knowingly become their relay, b) has set up a wiretap of the hidden service.

In this case the adversary can see when uploads are being made into the system and of what size. We should mitigate this and create false positives.

aliclark commented 9 years ago

Suggestion 1: the journalistic organisation and/or FPF should operate dummy clients that continuously upload documents to the SecureDrop instance. With luck and reasonable likelihood, this will obscure the moment at which an interesting document of size x KB was uploaded, or at least make analysis very difficult. With luck, spurious uploads will coincide with the timing of the real uploads, obscuring their size and meaning.

Theoretically the adversary could still wiretap the dummy client(s) and subtract their traffic from that of the hidden service before performing their correlation. However: a) they might not, b) if they do, it would take a certain amount of real-life effort for dev time etc.
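
A way to measure how much cover the dummy clients in Suggestion 1 actually provide, as an added example that is not part of the original thread or of SecureDrop's code. It counts the uploads a server-side observer cannot tell apart from the real one by time and size, with and without the subtraction step. The Poisson timing, uniform size range, size tolerance and all names are assumptions chosen for illustration.

```python
import random
from dataclasses import dataclass

@dataclass(frozen=True)
class Upload:
    t: float       # seconds since the capture started
    size_kb: int   # upload size as visible on the wire
    source: str    # "real" or "dummy"; ground truth, never used by the observer

def dummy_uploads(rng, duration_s, mean_gap_s, min_kb, max_kb):
    """Cover uploads: Poisson arrival times, uniformly random sizes (assumed model)."""
    t, out = 0.0, []
    while True:
        t += rng.expovariate(1.0 / mean_gap_s)
        if t >= duration_s:
            return out
        out.append(Upload(t, rng.randint(min_kb, max_kb), "dummy"))

def candidates(observed, size_kb, tol_kb, t_from, t_to):
    """Observed uploads that match the document of interest by time window and size."""
    return [u for u in observed
            if t_from <= u.t <= t_to and abs(u.size_kb - size_kb) <= tol_kb]

def subtract(observed, tapped):
    """Remove every upload also seen on a wiretap of the dummy client."""
    known = {(u.t, u.size_kb) for u in tapped}
    return [u for u in observed if (u.t, u.size_kb) not in known]

def simulate(seed=1, duration_s=7200, mean_gap_s=10, doc_kb=500, tol_kb=50):
    rng = random.Random(seed)  # constructed sample traffic, reproducible
    real = Upload(duration_s / 2, doc_kb, "real")
    dummies = dummy_uploads(rng, duration_s, mean_gap_s, 10, 2000)
    wire = sorted(dummies + [real], key=lambda u: u.t)
    look = lambda traffic: candidates(traffic, doc_kb, tol_kb, 0, duration_s)
    return {
        "no_cover": look([real]),
        "with_cover": look(wire),
        "cover_subtracted": look(subtract(wire, dummies)),
    }

if __name__ == "__main__":
    for name, found in simulate().items():
        print(f"{name:17s} indistinguishable uploads: {len(found)}")
```

The size of the `with_cover` set is the number to tune when choosing the dummy rate and size distribution. The `cover_subtracted` row shows why the dummy clients' own links need the same protection as the server's.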