I think the takeaway from this is you can hide your origin from a web server, but if you use an uncommon pathway to the server, your traffic sticks out.
My memory of this case is that Harvard was able to easily determine who had recently used tor, possibly through netflow logs.
Same sort of thing used to happen with Signal traffic to their servers in AWS. I've been in countries where Signal does not work at all because the local government blocked Signal traffic after lobbying from companies that profit from expensive SMS charges.
I've read privacy activists stress that it's great that e2e encryption exists, but that intelligence agencies are mostly interested in the metadata (who you communicate with, how you communicate with them).
My memory of this case is that Harvard was able to easily determine who had recently used tor, possibly through netflow logs.
Same sort of thing used to happen with Signal traffic to their servers in AWS. I've been in countries where Signal does not work at all because the local government blocked Signal traffic after lobbying from companies that profit from expensive SMS charges.
I've read privacy activists stress that it's great that e2e encryption exists, but that intelligence agencies are mostly interested in the metadata (who you communicate with, how you communicate with them).