
Re: [tor-talk] Exit Traffic classification and discrimination

Hi Fabio:

TLDR: No, I haven't and wouldn't try this.

If I understand, you're asking "Why don't TOR operators discriminate on
traffic by passing packets to popular, acceptable sites and
discriminating against traffic headed "elsewhere" by re-routing it?"

This view ignores a few fundamental facts underlying the very existence
of TOR.

1) That tools such as TOR exist specifically to enable that last 10% of
"dangerous" traffic - given that every political regime gets to decide
what they think is "Dangerous".  In Saudi Arabia, criticism of the king
is dangerous traffic. In China, discussion of the Tiananmen Square
massacre is also dangerous. TOR exists specifically to facilitate this.

2) That the most objectionable traffic will probably be going to a lot
of the top-30 websites, as that's where political discussions need to be
brought to gain any sort of critical mass to bring them out of anonymous
online enclaves and translate them into real political activity.

Finally, I wonder whether you have any experience actually, in practice,
trying to differentiate traffic as "abuse" from "not abuse". If there
were any even close-to-accurate ways of doing this, I suspect ISPs
would already be doing it and even your abusive TOR traffic would get
dropped at peering connections.

In practice, it's very difficult to tell if even "clearly abusive"
traffic - say, XSS attempts or SQL injection scanners - is abuse by
some annoying hackers, or research by someone trying to assess how many
home IP cameras are vulnerable to being part of a botnet, or even an
authorized pen-tester just checking out their client's distributed offices.

On 1/31/16 6:42 AM, Fabio Pietrosanti (naif) - lists wrote:
> Hello,
> the internet is said to be driving most of its traffic to a list of
> some dozens of websites, usually major internet companies.
> I'm wondering if the Tor Exit traffic follows the very same rules.
> I'm just assuming that if the traffic destined to the top-30 websites
> in the world makes up (for hypothesis) 90% of average Tor Exit traffic,
> then it could be an opportunity to classify it and discriminate it.
> We may assume that traffic going to the top-30 websites in the world does
> not generate abuse, while other traffic may generate abuses.
> If those assumptions are true, it means that it would make *a lot of sense*
> for a Tor operator to classify and discriminate in a different way "the
> bulk top-30 traffic destination" (non abuse-generating) vs. "the rest of
> the traffic".
> If my ISP is happy with 90% of my traffic, but it's not happy with my
> 10% that may contain abuse-generating destinations, then it would make a
> lot of sense to me to establish a VPN somewhere else to route those 10%
> of abuse-generating traffic somewhere else (where "somewhere else" may be
> a place that I can change when an abuse takes it down).
> But 90% of my resources (given the previous hypothetical assumption)
> would be happily pumping non-abuse-generating Tor exit traffic.
> Has anyone ever done some kind of testing or analysis about that kind
> of approach?