[tor-relays] Electronic surveillance on major tor exits
Name Withheld
survivd at gmail.com
Mon Jul 23 14:03:24 PDT 2012
This is in response to something from Roger's email on funding exit
relays, but I didn't want to derail such an important conversation by
responding directly.
He mentioned:
"At the same time, much of our performance improvement comes
from better load balancing -- that is, concentrating traffic on the relays
that can handle it better. The result though is a direct tradeoff with
relay diversity: on today's network, clients choose one of the fastest 5
exit relays around 25-30% of the time, and 80% of their choices come
from a pool of 40-50 relays."
This has probably been discussed before, but the first thing that came to
my mind was, "how does this simplify surveillance of Tor traffic flows?" I
know we badly need the performance improvement to continue moving Tor into
the mainstream, but when it comes at the cost of a huge amount of all Tor
requests exiting through a small subset of nodes, are we baking in a
serious vulnerability?
Most Tor users probably don't read the manual and follow best practices.
I'm sure we've all seen traffic where users are using Google Maps to find
directions from their home, or logging into their true-name mail accounts.
When you combine this "State of our Method" with a choke on the number
For monied countries that practice aggressive electronic surveillance
(China, Russia, and the larger western states), it becomes more and more
tempting to set up (or subvert) expensive, fast exits (with tshark and an
SSL-stripper on it) and be guaranteed significant amounts of traffic from
people that they view as having something to hide. And if the same
routing calculus applies to non-exit nodes, they can do the same thing on
the non-exit layers, not only improving their correlation attacks, but
creating a plausible chance of controlling some tunnels end-to-end. I
don't think that's a good situation for anybody other than the monitors.
I know that this is one of the reasons why "more nodes" is the largest
everyday push (I went from 1 to 3 in the last month), and "we're working
on it," and the node-funding push should help some of this, but I think
it's important to review what direction relay diversity is heading in the
long-term when the metrics start leaning in a certain way.
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE