[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] Traffic retention of TOR-Relays in Denmark
On Friday, July 15, 2011 10:05:36 AM bemoo129@xxxxxxxxxxxx wrote:
> recently I read about the danish law to log every 500. IP-Packet,
> which is on wire between Customer and ISP. Allthough this Law
> doesnt affect hostet Servers, i thin it is dangerous for Tor-Relays
> which run on a normal PC at home.
> What do you think abou this? If very much Packets from Tor-Servers
> are logged due this law, are danish-Tor servers now very unsecure?
Let's take this apart into some easy to digest pieces.
First, I belive the law is to record IP packet header information, not the
contents themselves. While this is bad, it's the basis of traffic analysis and
exactly one scenario in which Tor can defend the user. In part, I'm basing my
understanding of this law from
The logs of a connection running a non-exit relay or bridge are going to only
see encrypted traffic to and from the home computer. The logged packets may
show someone using Tor, but the traffic contained within is still encrypted. The
connections will between Tor user and Tor relay, and Tor relay to Tor relay.
Currently, Tor does not try to hide that you are using Tor. Tor doesn't
scream 'I'm using Tor', but at the same time, if your adversary is looking
really closely, they can deduce you are using Tor. The good news is that
we're working on pluggable transports and obfuscating proxies to hide the fact
that you are using Tor.
The logs of a connection running an exit relay is going to see encrypted traffic
from other relays and whatever traffic exited from itself to a destination. The
logs will record lots of traffic from people other than the ISP subscriber.
Some small percentage of this data may be illicit, as defined by local laws.
This is the same risk for exit relays now.
Other information about protections tor provides against an adversary
recording your traffic can be found at
tor-talk mailing list