Re: [tor-bugs] #1880 [Core Tor/Tor]: Enhanced Security Suggestion
#1880: Enhanced Security Suggestion
--------------------------+-------------------------------------
Reporter: forever | Owner:
Type: enhancement | Status: reopened
Priority: Low | Milestone: Tor: very long term
Component: Core Tor/Tor | Version:
Severity: Major | Resolution:
Keywords: tor-relay | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------+-------------------------------------
Changes (by cypherpunks):
* priority: Medium => Low
* status: closed => reopened
* resolution: not a bug =>
* severity: => Major
* milestone: => Tor: very long term
Comment:
In the last 7 years there has been much research on the subject.
It is not a bug, but neither are any feature requests.
It is a hope that the specifications will be improved, rather than the
implementation.
7 years ago only rich countries could passively break Tor using timing and
size information, but now any script kiddie on your public hotspot, ISP,
or carrier can do it. The most severe consequence of this is that brutal
dictatorships such as Egypt and North Korea have started using the attacks
to stalk journalists/whistleblowers and torture or murder them.
Although the demands of the Internet have increased in the last 7 years,
the infrastructure to support it has increased as well, as have the
techniques for mitigating the negative effects of bad latency, and it is
also easier than ever for data to be compressed more than ever before. Due
to all of these advances, padding of latency and packet size should no
longer require making the user experience awful.
Obviously there will be arguments over how much padding there should be,
and diminishing returns of greater padding.
However, specifying that Tor shall have padding built in, and implementing
some very small overhead by default (say, 0 to 1% extra latency and 0 to
1% extra packet size) wouldn't hurt anything, it would break all the
existing cyberweapons used to attack Tor users, and hopefully by the time
all of those weapons are upgraded there will be a consensus on how much
padding there should be. A lot of third world countries might never get
such an upgrade, and first world ones are less likely to murder
journalists.
I've never written in a low level programming language so it's beyond me
to even tell which of these studies will help to write the patch, but here
are some studies:
https://duckduckgo.com/html/?q=traffic%20padding%20anonymity%20research
https://duckduckgo.com/html?q=latency%20padding%20anonymity%20research
https://duckduckgo.com/html?q=packet%20padding%20anonymity%20research
https://duckduckgo.com/html?q=timing%20correlation%20anonymity%20research
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/1880#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online