[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Some thoughts about Tor Project

El 21/05/2016 a las 20:54, Moritz Bartl escribió:
Hi juanjo,

Welcome! :)

On 05/21/2016 07:56 PM, juanjo wrote:
-A circuit should never have all hops from the same country: days ago I
was on a web with the latest version of Tor Browser and I advised all
hops from the circuit were from the same country. This is bad, since
with bulk data collection and traffic analysis this country could
deanonymize me easily.
The decision is hard to make across all users. You want a uniform
strategy for all 2 million+ users. Crossing country borders might
actually make it legally and technically *more* easy for your adversary
to collect and analyze traffic. If, say, all relays in your circuit
happen to be on ISPs that peer with each other, there might not be a
tapping device installed at all in between those. Internet routing is

But, yes, for many users it may be useful to cross borders. You seem to
be interested in anonymity, so you will love
http://freehaven.net/anonbib/ :-)
http://freehaven.net/anonbib/#ccs2013-usersrouted is a quite good
overview paper that looks at the problem you touch.

Well, Tor Browser by default chooses randomly the nodes which will be part of a circuit, so most of them actually are not from the same country. I don't understand your point here... there could be cases and users where crossing borders might be illegal or more dangerous, but I think most of the people who use Tor Browser by default, doesnt choose all hops from the same country... I think what most of the people needs to protect their anonymity is to choose nodes from different countries, or at least not all from the same country like happened to me. Maybe we can work here on the Tor Browser config dialog and put there an option like "forbid to choose all hops from the same country" or even say "all hops from different countries".
cheap VPS to install Tor nodes, but I think thats bad. We should advice
Tor node operators to move their nodes to other countries if possible...
or even a campaign with crowdfunding to create more nodes in countries
where there aren't many...
While I agree that for many users crossing borders might be useful, I am
not sure this is the perfect strategy for everyone. We had a script to
distribute donations that we receive as Torservers, and as a first
approximation the money you would get would be higher if the exit relay
was in a country with low total exit capacity. You might like it.
Unfortunately it is buggy, someone should do a rewrite and potentially
work in more criteria.


There is also http://www.tor-roster.org/ , a project that awards
"points" based on some of the potential criteria.
As I said, maybe for some people crossing borders might not be a good strategy, but right now for most people I think it makes sense. But the problem is still the servers are in too few countries, and I think this is bad for all users... Just think that many european countries are starting to make laws against privacy and even considering bulk data analysis so if USA do this, Germany too and France too, like I said, most of the Tor users will be deanonymized... I will look into that exit funding code too, but I don't have much free time...
-Maybe we should think a way of introducing high latency features on
Tor, I know this is troublesome but we need to think a way to protect
people even if NSA and Europe works together against Tor users...
Some time ago, researchers from Ruhr-University mentioned on tor-dev@
that they were working on something like it. Pond was a similar
experiment. I would love to see high-latency support integrated in Tor,
but there's a lot of open research questions. Maybe, if you have time to
dig into this, a great outcome would be to bug Tor developers and
collect all the open questions and potential design decisions into a
wiki page!

-What about Tor traffic obfuscation by default? I mean the traffic
between all Tor nodes. Will it help on something?
You might like https://arxiv.org/abs/1512.00524 and

-More public libraries with Tor nodes. Great work with that, this
initiative should spread.
It is slowly spreading :) Take it on and get in touch with local libraries!

And maybe how Tor Browser users can help the
network in the future being a relay...

-I heard making a pluggable transport work in a privileged port (less
than 1024) is a hard work. we have to fix it.
It's worse, the instructions on the website are quite outdated. It's a
surprise we even have bridges with latest pluggable transports...

I think that should be a priority right now: this works against censorship and even could work against traffic analisys... I can't help developing anything here, but maybe if I have time, I can work on the documentation...

-Better node testing: I think some people is working on this already. I
mean more and better ways to test if a exit node is a bad exit, or if
any other node is making traffic shaping attack.
Yes, this is actively being worked on.

So this is it. Thank you all again for all your hard work and see you in
other time.
Great feedback, great questions and comments! Spot on! :)

Yes, I will work spreading the word about privacy, why it is important, the Tor Project, etc...
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to