[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: private vs. public tor network ... any other options ?

We run a private Tor-based network. Email Steve (sms@) or I for questions.

What we have contemplated is operating the exit nodes, and mixing into the public Tor network for either the middle or both middle and entry nodes. You could select high bandwidth middle-nodes for this, which would give you reasonably high performance, yet you would have 1-2-or more public nodes in between the user and the exit node. This would provide increased anonymity, while preserving performance and security of the exit nodes (protecting against mal-nodes).

The thought was also to select those middle nodes based on measured performance.



From: Flamsmark
Date: Thu, 24 Sep 2009 11:24:27 -0400
To: <or-talk@xxxxxxxxxxxxx>
Subject: Re: private vs. public tor network ... any other options ?

On the other hand, I do control a fair amount of infrastructure and bandwidth in multiple locations ... so it's very tempting to leverage those resources in a way that gives me tor-like anonymity, but without the (sometimes terrible) speed and latency.

If you limit yourself to a small set of nodes, you will�definitely�compromise your anonymity against a powerful attacker. But what if you're not worried about a powerful attacker, or serious anonymity? What if you just want a casual observer to think you're using Tor, and leave it at that?

Is there a middle ground ? �Is it possible for me to simultaneously contribute network resources to the public Tor network, allowing me to blend in like every other Tor user, yet at the same time somehow leveraging the specific resources I control to achieve faster speeds for my own use ?

You could run two relays on each node you control. One relay would be part of the public tor network, and limit the bandwidth to a (large) fraction of what you have available. One relay would be part of your private tor network and use the rest of the available bandwidth. You'd have to bootstrap your tor network from scratch, and set up an authority, and so on. Then you could run your local tor client on your private network, and have a small set of fast nodes available to you. A casual observer at either end (you-hop1 or hop3-internet) would see the traffic from/to a tor node, and assume that it was truly torified. Depending what you personally think the threat profile is - and I'd suggest reading some of the research to find out what threats to consider - you might want to use an entry point or exit node on the regular network, or do other circuit manipulation.

Note that trying to take advantage of your own resources inevitably limits your anonymity potential.�Customizing�your network also means that you won't benefit as much, or at all, from upgrades to Tor. However, if all you want is casually anonymous browsing at high speed, this may be useful to you. Nonetheless, I make no guarantees that the system you set up will be sufficiently anonymous for you.