[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] How can we trust the guards?



On 01/02/2017 12:53 AM, Rana wrote:
> @Mirimir
>>> This is not Blockchain where hundreds of thousands of greedy selfish 
>>> genes are working together for non-collusion.  A practically zero- 
>>> effort collusion of already fully cooperating FIVE EYE agencies (US, 
>>> UK, Canada, Australia, New Zealand) is needed to sprinkle several tens 
>>> of rogue relays every month all over the globe, hosted at unsuspected 
>>> hosters, looking perfectly bona fide. All they need is maintain some 
>>> bandwidth and stability (why not?) and wait 70 days and - hop! - they 
>>> are guards.
> 
>> That seems plausible. I don't know how the community of relay operators
>> works. But I suspect that, if you're right, many known and trusted relay
>> operators must be covert operatives. While that's not impossible, it
>> would represent a huge investment.
> 
> I've been through this already, and made a calculation of the completely
> negligible - in government terms - amount required to pay for hosting
> 4000 powerful nodes that are indiscernible from honest relays and are
> scattered all over the world. A huge investment is emphatically NOT
> required for this. As to operatives, I see no reason why a single
> employee could not control 500 rogue relays from a single $1000 PC.  
> Say, spending her day revisiting 25 relays daily, doing maintenance. 
> That's assuming zero automation. With some automation software (say, 
> flagging relays that need attention, most of them don't most of the 
> time), a single employee could control the entire 7000. Where's 
> the "huge investment"?

Yes, there's no huge investment in equipment or operator time. But it's
my impression that there's a community of relay operators. Who know each
other. And I doubt that an appreciable percentage of entry guards are
run by anonymous cowards, such as myself ;)

If that's the case -- and I'd appreciate knowledgeable comment -- many
known and trusted relay operators must be covert operatives. I expect
that running a long-term covert operation isn't cheap. But upon
reflection, it would arguably not cost more than a hundred million USD
per year. So maybe so.

> Tor model breaks down when facing a modest government adversary for the
> simple reason that having only 7000 relays total, with a minority of
> them carrying most of the traffic, invites cheap infiltration and
> takeover by state adversaries.

Yeah, that's a problem :(

> Rana
> 
> _______________________________________________
> tor-relays mailing list
> tor-relays@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays