On Fri, Apr 13, 2007 at 12:50:00PM -0400, Roger Dingledine wrote:

...

A group of 9 Tor routers also functioning overtly or indirectly as Tor exit nodes have been observed colluding on the public Tor network.

Yeah. This happened in mid 2006. I don't know why some random person just picked it up now.

"Nostra2004@Safe-mail.net" sent me some follow-up questions, which I'll answer here so we can keep the thread in one place. Maybe this will finally put the topic to rest. :) | How did Steven Murdoch and Richard Clayton tracked down the operator? I believe they made some phone calls to their friends who work in the network operations center at psinet. | How did they determine it was an innocent mistake? They know the person who was running them. It was somebody in the security field who was helping out but was embarrassed to realize that he was actually putting the network at risk by helping out quite so much. :) The fellow felt that private embarrassment was adequate, and asked not to be publically named. I trust them, and they trust him, so from my perspective it is now fine. | Even if the | operator is benevolent, that capability with so few nodes is disturbing. Yep. I agree. The Tor network may seem large, but it still needs to grow a lot larger to resist even medium sized attackers. | How were 9 nodes apparently able to touch 11% of all Tor traffic? If you launch a bunch of Tor servers that together push upwards of 200MBit/s each way sustained, ...that's a lot of bytes. Tor weights path selection by bandwidth -- otherwise Tor performance would be extremely miserable rather than just miserable. (http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#WhySlow) There are even several research projects currently looking at how to trade off a bit more privacy for better performance, including one of our GSoC interns. See also item #4 on http://tor.eff.org/volunteer#Research | Have changes to the code since then reduced this vulnerability? Yes. See the previous post: This issue also prompted us to speed up the fix/feature in 0.1.2.1-alpha: "Automatically avoid picking more than one node from the same /16 network when constructing a circuit." http://archives.seul.org/or/talk/Aug-2006/msg00300.html But the issue still exists with respect to people who control different /16 networks, and who can push lots of bytes (or trick us into thinking they can). | Do you think there needs to be activity (perhaps "collusion" between a | group of good guys), similar to what's on Bit Torrent, to identify and | blacklist nodes (discussions about the risks and legality of such | things can be left till later)? Well, the Tor directory authorities list servers, and can mark each server as invalid, badexit, etc. So in effect the authority operators can collude to blacklist nodes that we agree are behaving badly. A majority of authority operators need to claim something before clients will believe it. See http://tor.eff.org/svn/trunk/doc/spec/dir-spec.txt for a few more details. | Is there a transcript of the talk those slides were given with, or at | least a video? Yes, there is actually a video, courtesy the 23C3 folks: http://events.ccc.de/congress/2006/Streams look for talk 1513. For example, http://media.hojann.net/23C3/23C3-1513-en-detecting_temperature_through_cloc... Hope that helps, --Roger ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE