[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] How can we trust the guards?

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] How can we trust the guards?
From: Mirimir <mirimir@xxxxxxxxxx>
Date: Mon, 2 Jan 2017 02:34:13 -0700
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 02 Jan 2017 04:55:46 -0500
In-reply-to: <03cf01d264cd$5af95a50$10ec0ef0$@gmail.com>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays $exit, non-exit, bridge$" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <034c01d26471$c9e8b980$5dba2c80$@gmail.com> <1726245.Wky8Vp9MiV@home> <039501d26479$93e9a8f0$bbbcfad0$@gmail.com> <20170101224245.GO1362@inner.h.apk.li> <03bc01d264c1$7dfa5830$79ef0890$@gmail.com> <b5389d73-0335-b447-4709-b37b50f135d6@riseup.net> <03cf01d264cd$5af95a50$10ec0ef0$@gmail.com>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

On 01/02/2017 12:53 AM, Rana wrote:
> @Mirimir
>>> This is not Blockchain where hundreds of thousands of greedy selfish 
>>> genes are working together for non-collusion.  A practically zero- 
>>> effort collusion of already fully cooperating FIVE EYE agencies (US, 
>>> UK, Canada, Australia, New Zealand) is needed to sprinkle several tens 
>>> of rogue relays every month all over the globe, hosted at unsuspected 
>>> hosters, looking perfectly bona fide. All they need is maintain some 
>>> bandwidth and stability (why not?) and wait 70 days and - hop! - they 
>>> are guards.
> 
>> That seems plausible. I don't know how the community of relay operators
>> works. But I suspect that, if you're right, many known and trusted relay
>> operators must be covert operatives. While that's not impossible, it
>> would represent a huge investment.
> 
> I've been through this already, and made a calculation of the completely
> negligible - in government terms - amount required to pay for hosting
> 4000 powerful nodes that are indiscernible from honest relays and are
> scattered all over the world. A huge investment is emphatically NOT
> required for this. As to operatives, I see no reason why a single
> employee could not control 500 rogue relays from a single $1000 PC.  
> Say, spending her day revisiting 25 relays daily, doing maintenance. 
> That's assuming zero automation. With some automation software (say, 
> flagging relays that need attention, most of them don't most of the 
> time), a single employee could control the entire 7000. Where's 
> the "huge investment"?

Yes, there's no huge investment in equipment or operator time. But it's
my impression that there's a community of relay operators. Who know each
other. And I doubt that an appreciable percentage of entry guards are
run by anonymous cowards, such as myself ;)

If that's the case -- and I'd appreciate knowledgeable comment -- many
known and trusted relay operators must be covert operatives. I expect
that running a long-term covert operation isn't cheap. But upon
reflection, it would arguably not cost more than a hundred million USD
per year. So maybe so.

> Tor model breaks down when facing a modest government adversary for the
> simple reason that having only 7000 relays total, with a minority of
> them carrying most of the traffic, invites cheap infiltration and
> takeover by state adversaries.

Yeah, that's a problem :(

> Rana
> 
> _______________________________________________
> tor-relays mailing list
> tor-relays@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] How can we trust the guards?
  - From: Aeris

References:
- [tor-relays] How can we trust the guards?
  - From: Rana
- Re: [tor-relays] How can we trust the guards?
  - From: Rana
- Re: [tor-relays] How can we trust the guards?
  - From: Andreas Krey
- Re: [tor-relays] How can we trust the guards?
  - From: Rana
- Re: [tor-relays] How can we trust the guards?
  - From: Mirimir
- Re: [tor-relays] How can we trust the guards?
  - From: Rana

Prev by Author: Re: [tor-relays] How can we trust the guards?
Next by Author: Re: [tor-relays] How can we trust the guards?
Previous by thread: Re: [tor-relays] How can we trust the guards?
Next by thread: Re: [tor-relays] How can we trust the guards?
Index(es):
- Author
- Thread