[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Tor Geolocating exit nodes.



Hi,

Currently I am writing my master thesis on Privacy in Tor. I started out with looking into ways to improve website fingerprinting. When performing tests, I noticed that an exit node in my country (The Netherlands) was selected more often than other countries. So I took some test and here are the results.
In my understanding, one would expect Tor to select exit nodes at random, only taking into account bandwidth of the exit node and guard node relations, this is what I think is going on by reading the source. I would be very happy to receive a more comprehensive explanation of the workings of (exit-)node selection.

It looks like that exit nodes are not randomly selected and it appears that nodes from my country are more often selected. This can be due to the fact that Tor takes into account the bandwidth provided by a node, but does it also keep in mind where I come from? 
If Tor selects an exit node more often when it has more bandwidth, doesnât that an attacker with many resources an advantage?

I am very happy to hear your explanations and opinions about these results.

The results of the test shown in the first two pictures was performed in the following way:
1. Connect to tor
2. Receive list of nodes
3. Retrieve exit node IP
4. Send NEWYN signal and go to 3. 

The loop (3 -> 4 -> 3) was done about 200 times.

1. Geolocation of exit node, list of nodes obtained through direct acces (IP) (http://i62.tinypic.com/vypcgm.png)
2. Geolocation of exit node; list of nodes obtained through US VPN (http://i60.tinypic.com/wrg705.png)
3. Blue: total nodes, Red: exit nodes. Both per country, source: onionoo.torproject.org (http://i62.tinypic.com/1zpnorb.png)
4. Distribution from figure 3, the picture that one would observe (after many tries) when random selection of exit nodes would be applied (http://i62.tinypic.com/286rg9k.png)
5. Frequency an exit-node was selected, each color represents a single IP of an exit-node. This is in the case without any VPN (http://i62.tinypic.com/k0jxjo.png)

Thank you,
Max


From: Andrew Lewman andrew@xxxxxxxxxxxxx
Reply: tor-dev@xxxxxxxxxxxxxxxxxxxx tor-dev@xxxxxxxxxxxxxxxxxxxx
Date: 18 Jun 2014 at 17:41:43
To: tor-dev@xxxxxxxxxxxxxxxxxxxx tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject:  Re: [tor-dev] Tor Geolocating exit nodes.

On 06/18/2014 04:38 AM, JP Wulf wrote:
> This geolocation could perhaps be used to validate the integrity of the
> nodes (how I dont know, maybe by establishing TOR honeypots that can only
> be compromised through traffic through a compromised (owned) exit node).

The Tor client does not trust the tor network by design. The user can
influence the client to use countries they think are safe. See
https://www.torproject.org/docs/faq.html.en#ChooseEntryExit


--
Andrew
pgp 0x6B4D6475
https://www.torproject.org/
+1-781-948-1982
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev