>>137
I'm not sure if that would work. At least it wouldn't work well if the used on servers with public ip addresses. The average time samples would be determined by the location of the current end node, whose ip and geolocation is already known. And ISPs can't look for the pattern of traffic coming from your machine since it's encrypted. If tor could be broken this way I would be worried about standard use, since all it presumes is anticipating the user's traffic in advance and control of the contacted server. But if the phone home servers are hidden services, maybe you can extract information based upon timing there. I don't know how hidden services are done.