On 14/10/2020 23:59, Karl wrote:
On Wed, Oct 14, 2020, 6:34 PM Peter Fairbrother wrote:
To put some BOTE numbers on that, suppose you want to provide for 1 million concurrent users. You have about 150 TB per month user traffic to play with (500 x 1TB, ~3 hops), 150 MB per month per user, or 450 Baud.
Could you explain your math here? How did 500TB/3 (am I wrong?) become 150MB?
There are 500 raspberry pi's, each on the end of a 1TB/month link. That's 500 TB/month total traffic, but dividing by 3 we get approximately 150 TB/month user traffic. With a million users at any time that's 150TB user traffic per month: divided by 1 million users that's 150MB per user per month. As they are concurrent users (the total number of users is higher, but at any time 1 million users are using the service) that is 150 million bytes per month per user divided by 2,592,000 seconds per month, which is 58 bytes per second per user or 463.32 baud. Looked at another way, if people always used an anonymity service the hops would multiply their traffic by say 5 times (3 times as in TOR is not enough). Covertraffic and file size padding traffic would at least double that, so we would need at least 10 times the normal traffic the users created. And you ned a lot of traffic through your anonymisation network to get decent anonymity, you need a large anonymity set. Web traffic is expensive - making it at least ten times more expensive is not on, especially if nine tenths of it has to be paid for by someone else. That's not counting the servers etc - getting a pi to handle 386 kB/s [1] of anonymity traffic is not trivial, I don't even think it is possible. [...]
Enforcing TLS is much more reasonable nowadays. (You could add a plugin to use http tricks to hide file sizes.). Not what I would focus on once it gets nonsimple.
A good proportion of TOR traffic will be protected by TLS anyway, especially those sites which you might not want other people to know you are accessing. Visible file sizes are the main anonymity weakness in TOR. If you suspect someone you compare the file sizes of the traffic through their system with traffic through the exit nodes. In the UK at least it is legally fairly easy for the cops to demand that info (and most ISPs are legally required to obtain and store that data anyway) - getting everyone's traffic info where the cops have no suspect is a little harder, but not impossible. Of course the ordinary cops don't use that power, and the people who do use it don't want it known that they can do it, so you will find that they make up stories about reused passwords and the like being the source of their information. Peter Fairbrother [1] 1TB/month divided by 2,592,000s/month