
Re: [tor-talk] Surge in Users



On Fri, Jun 07, 2019 at 01:01:38PM +0000, iwanlegit@xxxxxxx wrote:
> Can Directory Authorities analyze hostnames of relay users and publish them?

They could, but I don't think that would be a good idea, at least until
somebody has thought through how to do it in a safe way. As a start for
that thinking, I would point people to:
https://research.torproject.org/safetyboard/
But I think this would be a hard one to make properly safe.

> If the hostnames or organization names associated with the users are
> available, we could know what type of users are increasing, and probably we
> could guess why. In Iran and Russia, are the increases being made by
> individuals, companies, and/or governments? I want to know that.

In my experience, spot-checking these things in the distant past, the
hostnames and IP addresses don't tell me as much as I'd like. Maybe if
I were an expert in the network topology for these countries, I could
understand things better.

As another approach, learning the autonomous system (AS) number of
connecting users would be another way to measure diversity within the
country. I expect in some situations it would give too much precision
(too much granularity) for us to be comfortable publishing it though.

> https://metrics.torproject.org/reproducible-metrics.html#relay-users
> Directory Authorities (DAs) can see IP addresses of relay users and are
> reporting countries associated with the addresses for torproject.

Yep.

> So DAs may
> be under control of torproject.

No, the directory authorities are run by nine individuals who are part
of the Tor community but are not 'under the control of torproject'. They
make decisions on their own, and for most security choices a majority or
threshold of them need to decide on something before it becomes so.

> Can torproject let DAs report hostnames of
> the users?

No. We can ask, but they should push back unless the request comes with
a solid plan on how the measurements will be safe enough.

> Should rapid increases of the users be clear for Tor overall? I
> would like torproject to decide to do that!

Yeah, I would also like the world to figure out a way to do safer
measurements like this.

The PrivCount approach seems like a useful building block here, because
it does network-wide aggregation and because it uses differential privacy
techniques to avoid publishing any counts that are too precise:
https://www.robgjansen.com/publications/privcount-ccs2016.pdf
https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/PrivCountInTor
and if we had more developer time (aka more funding), we'd be able to
get there faster.

> But if torproject can let DAs report them, I won't be able to use Tor with
> security. Even now, can DAs collect our personal information including IP
> addresses and leak them in theory? :D

Careful there -- the Tor design doesn't try to prevent every person in
the world from learning that you're using Tor. It tries to prevent every
person in the world from being able to learn _what you do_ using Tor.

If you want to prevent the directory authorities from knowing your
location, you'll need to take some further step. But most of these
possible steps (use a bridge, use a pluggable transport, use a VPN)
just shift the ability to count you to some other point in the network.
So there is no magic answer, and it comes down to "it depends what you're
worried about more".

Hope that helps,
--Roger

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
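
The reply above describes PrivCount as combining network-wide aggregation with differential-privacy noise so that no overly precise count is published. The following is an added example, not part of the original message and not PrivCount's own code: a simplified sketch of that idea in which each relay blinds its noisy counter with random shares, so only the network-wide noisy total can be recovered. The function name, modulus, Gaussian noise and sample counts are assumptions made for illustration.

```python
import random

Q = 2**61 - 1  # modulus for blinded counters (constructed value)


def aggregate(true_counts, n_keepers=3, sigma=20.0, seed=None):
    """Simulate one measurement round.

    true_counts: per-relay user counts (constructed sample data).
    Returns (noisy_total, blinded_reports, total_noise).
    """
    # A seed makes the demo reproducible; without one, use the OS CSPRNG.
    rng = random.Random(seed) if seed is not None else random.SystemRandom()
    keeper_sums = [0] * n_keepers
    reports, total_noise = [], 0
    per_relay_sigma = sigma / len(true_counts) ** 0.5

    for count in true_counts:
        # Each relay adds its slice of the noise, so no single party
        # ever holds the exact network-wide total.
        noise = round(rng.gauss(0, per_relay_sigma))
        total_noise += noise
        blinded = (count + noise) % Q
        # One random share per share keeper hides the relay's own value.
        for k in range(n_keepers):
            share = rng.randrange(Q)
            blinded = (blinded + share) % Q
            keeper_sums[k] = (keeper_sums[k] + share) % Q
        reports.append(blinded)  # what the relay sends to the tally server

    # The tally server removes the keepers' share sums; only the
    # aggregate (true total + noise) comes out, never a per-relay count.
    total = (sum(reports) - sum(keeper_sums)) % Q
    if total > Q // 2:  # map back to a signed value
        total -= Q
    return total, reports, total_noise


if __name__ == "__main__":
    counts = [120, 4, 37, 950]  # constructed per-relay counts
    total, reports, noise = aggregate(counts, seed=7)
    print("true total:", sum(counts), "published:", total)
    print("per-relay reports reveal nothing useful:", reports)
```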