[tor-relays] Electronic surveillance on major tor exits

Name Withheld survivd at gmail.com
Mon Jul 23 14:03:24 PDT 2012 

This is in response to something from Roger's email on funding exit  
relays, but I didn't want to derail such an important conversation by  
responding directly.

He mentioned:

     "At the same time, much of our performance improvement comes
from better load balancing -- that is, concentrating traffic on the relays
     that can handle it better. The result though is a direct tradeoff with
relay diversity: on today's network, clients choose one of the fastest 5
     exit relays around 25-30% of the time, and 80% of their choices come
     from a pool of 40-50 relays."

This has probably been discussed before, but the first thing that came to 
my mind was, "how does this simplify surveillance of tor traffic flows?"  I 
know we badly need the performance improvement to continue moving Tor into 
the mainstream, but when it comes at the cost of a huge amount of all tor 
requests are exiting through a small subset of nodes, are we baking in a 
serious vulnerability?

Most Tor users probably don't read the manual and follow best practices.  
I'm sure we've all seen traffic where users are using google maps to find 
directions from their home, or logging into their true-name mail accounts.  
When you combine this "State of our Method" with a choke on the number

For monied countries that practice aggressive electronic surveillance  
(China, Russia, and the larger western states), it becomes more and more  
tempting to set up (or subvert) expensive, fast exits (with tshark and an 
SSL-stripper on it) and be guaranteed significant amounts of traffic from 
people that they view as having something to hide.  And if the same  
routing calculus applies to non-exit nodes, they can do the same thing on 
the non-exit layers, not only improving their correlation attacks, but 
creating a plausible chance of controlling some tunnels end-to-end.  I 
don't think that's a good situation for anybody other than the monitors.

I know that this is one of the reasons why "more nodes" is the largest  
everyday push (I went from 1 to 3 in the last month), and "we're working  
on it," and the node-funding push should help some of this, but I think  
it's important to review what direction relay diversity is heading in the 
long-term when the metrics start leaning in a certain way.

_______________________________________________
tor-relays mailing list
tor-relays at lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

More information about the cypherpunks-legacy mailing list