Here is a scheme for deanonymizing a user that I've been thinking about, just out of curiosity. I tried searching for it but didn't find much. Does this technique have a name? Are there any papers or articles on this? And is it known to be in use?
So a user posts a lot of information, on Twitter or on a Blog, etc.. He/she tries to be anonymous by using internet cafes, Tor, proxies, or any other method. The user's posts obviously don't have geotagging information, but they have precise timestamps.
Now, an attacker could introduce slight delays into all potential user's connections, of the order of milliseconds. They either do this with the cooperation of the ISPs (e.g. intelligence agencies), or by spamming the connections using botnets (e.g. criminals). The attacker would vary the delays by location and time. Then, looking at the timestamps of posts, there would be windows where a targeted user would be less likely to have successfully submitted a post. A simple example, if I imposed a delay of 2 seconds at 9:00, the user couldn't have posted at 9:01. In real life, the attacker would probably use tiny delays and a lot of posts, and use probabilistic methods to narrow down the target.
Ways to improve accuracy would be to get more precise data (getting the exact timestamps of posts by cooperating with the sites the user posts to), or by watching a real-time stream of data, e.g. VOIP, and correlating the delays with the imposed delays.
Now, thinking about it, you could possibly even do this passively, by measuring latency at a lot of points and correlating it with the timestamps of your target, but that makes it at lot harder.
So, would this work? Is this known to be used?