[tor-relays] Individual Operator Exit Probability Threshold

grarpamp grarpamp at gmail.com
Tue Sep 26 16:55:16 PDT 2017


>> :> what the current value of "global" is but I should hope it's well above 5%...

>> :I'm curious about what you mean by "global" here, and how it relates to
>> :[potentially] malicious operators (suspicious relays of which are
>> :frequently thrown off the Tor network).
>>
>> "global" as in a global passive adversary

Global is relative, it can mean at a scale having wide enough coverage
physical or logical, to achieve your goals, against from 1 to all users,
in sufficient time. It probably doesn't mean 1 node or tap, or quite 10,
but up towards 100 / 500 / 1000 becomes interesting to think about.
Similarly probably not for $5000, yet $50000 to $10M becomes a project.
Physical may mean literally distributed about the Earth.
Logical may mean piled in one datacenter taking part in the
random functions of a target network, such as DHT abuse.

>> though I suppose running nodes is an active adversary.

Depends on what's being done with those Sybil nodes.
Listening, traffic analysis, recording, decryption... that's passive.
Modification, inject / drop, perturb, exploit... that's active.

There are successful attacks in both modes of operation.

> If an adversary is a global passive adversary, surely that would mean
> that they are for all intents and purposes seeing pretty much all of the
> traffic?
>
> I think it is worth remembering that there isn't evidence there is a
> global passive adversary at the moment, even if certain agencies and
> organizations clearly aspire to be one.

If anyone seriously thinks that GPA / GAA scale adversaries
do not exist, or are not actively in effect and growing with intent,
they need to get their head out of their ass and digest the news
dating back to at least Snowden.

Even simple university-level research groups have published
effective, production-ready, low-cost, small-scale Sybil attacks on tor.

(Sybil may also include infiltration of global code repositories.)

Learn about how internet backbones work, lack of per link
level encryption and fill traffic, Tier-1 vantage points,
dozens of suspect hops in a traceroute, etc.

How entities and people bend over backwards to give data
away under the legal or $dollar table with wink and nod.

Read up on what NSA, GCHQ, FVEY, DEA, et al are doing
with $Billions, PATRIOT partnerships, manganese nodules, etc.

In a sense, "global" may sometimes distill down to meaning
the same "global amounts of money" spread at a problem via
various vectors to achieve similar results.

Threats involving large scale deployment of $money, nodes,
and actors against tor and other networks are real and secretive.

Secrecy requires gauging their effectiveness by analysis of leaks,
court cases, parallel construction, whispers and canaries,
whitepapers, human resources, code and deltas, and news media.

The fun part beyond that is in figuring out how to defeat them
and then doing exactly that :)

