[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Anonymity easily thwarted by flooding network with relays?

On Fri, 19 Nov 2010, Theodore Bagwell wrote:

On Fri, 19 Nov 2010 08:11 -0500, "Paul Syverson"
<syverson@xxxxxxxxxxxxxxxx> wrote:
Your reactions are good. It's just that many people have had the
same reactions so we've explored this, and nobody in all of the research
done has yet produced a viable version of what you suggest.

The nature of the attack outlined in the paper is expensive. The paper
suggests rapid deployment, collection of data, and undeployment. The
longer the interloping system runs, the more it costs.

I don't think it sounds expensive at all - I suspect a private individual could ramp this up for $10k per month or less. It's not chump change, but it's not exactly at the nation-state level either...

(I am thinking of Amazon EC instances, etc.)

Perhaps, at a network level, we can detect a sudden massive deployment
of ORs and mark them as suspicious?

Or, as mentioned earlier, we can assign an OR a level of trust
commensurate with its age? (Admittedly, this may increase security at
the expense of delayed benefit of new ORs)

Isn't this problem an obvious "web of trust" application ? Can't this be solved by a pgp-style web of trust ?

I don't like the idea of solving it this way because I rather like running my tor node(s) in complete anonymity, so it's not something I necessarily want to be involved in ... but theoretically, that would solve it, no ?
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/