On 01/16/2014 04:16 AM, Jim Rucker wrote:
There was a story in the news recently of a Harvard student who used Tor to send a bomb threat to Harvard in order to cancel classes so he wouldn't have to take a test. He was apprehended within a day, which puts into question the anonymity of Tor.
The way I understand it is that they did not exploit a weakness in any system, they just (more or less) performed regular police work.
See https://www.schneier.com/crypto-gram-1401.html#3
From my understanding (please correct me if I'm wrong) Tor has a weakness in that if someone can monitor data going into the relays and going out of the exit nodes then they can defeat the anonymity of tor by correlating the size and number of packets being sent to relays and comparing those that the packets leaving the exit nodes.
It is not that simple, but in principle you are correct. A good paper to read about this is http://freehaven.net/anonbib/#ccs2013-usersrouted
See anonbib also for mitigations that were suggested and investigated over time (which are not that easy either).