[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Onionoo bandwidth recording stopped?




Gesendet: Samstag, 20. Januar 2018 um 17:06 Uhr
Von: "Iain Learmonth" <irl@xxxxxxxxxxxxxx>
An: tor-relays@xxxxxxxxxxxxxxxxxxxx
Betreff: Re: [tor-relays] Onionoo bandwidth recording stopped?
Hi,

On 20/01/18 10:25, Ralph Wetzel wrote:
> As a consequece, I'll consider implementing a recording function into
> The Onion Box.
When you do this, please make it clear to users that making their
fine-grained bandwidth usage information public may harm the anonymity
properties of the Tor network.

On 21 Jan 2018, at 04:03, Ralph Wetzel <theonionbox@xxxxxxx> wrote:

Isn't this an inherent contradiction?

No. Making bandwidth information public makes it easier to link onion
services with their guards. It might also allow other kinds of attacks.

We think it's safe to release a daily bandwidth figure for each relay.
Or, more precisely, relays publish daily bandwidths so we can do
bandwidth measurement and statistics. We don't like releasing that
level of data, but it would take a lot of development effort to do it
differently.

If someone exposes his bandwidth usage information to public access, he already harmed the anonymity of *his* relay.

Relays are not anonymous.

Anonymity is a property of the Tor network, not individual relays.
But individual relays can compromise the anonymity of clients that
build paths through them, by making it easier for adversaries to find
a client using that client's traffic.

Yet, as the bandwidth recording & display is local to the monitoring instance (with no API provided),

I see screenshots of bandwidth on Twitter.
And publicly available munin pages on relays.
You might be surprised what people release.

even if disclosed to public access, the harm is - according to my understanding of the matter - limited to the node(s) monitored, if at all. How does this (local situation) 'harm the anonymity properties of the [whole] Tor network'?

Relays are not anonymous.
Releasing detailed bandwidth can harm the anonymity of clients.
See above.

T
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays