[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Some thoughts about Tor Project



Hi juanjo,

Welcome! :)

On 05/21/2016 07:56 PM, juanjo wrote:
> -A circuit should never have all hops from the same country: days ago I
> was on a web with the latest version of Tor Browser and I advised all
> hops from the circuit were from the same country. This is bad, since
> with bulk data collection and traffic analysis this country could
> deanonymize me easily.

The decision is hard to make across all users. You want a uniform
strategy for all 2 million+ users. Crossing country borders might
actually make it legally and technically *more* easy for your adversary
to collect and analyze traffic. If, say, all relays in your circuit
happen to be on ISPs that peer with each other, there might not be a
tapping device installed at all in between those. Internet routing is
complex.

But, yes, for many users it may be useful to cross borders. You seem to
be interested in anonymity, so you will love
http://freehaven.net/anonbib/ :-)
http://freehaven.net/anonbib/#ccs2013-usersrouted is a quite good
overview paper that looks at the problem you touch.

> cheap VPS to install Tor nodes, but I think thats bad. We should advice
> Tor node operators to move their nodes to other countries if possible...
> or even a campaign with crowdfunding to create more nodes in countries
> where there aren't many...

While I agree that for many users crossing borders might be useful, I am
not sure this is the perfect strategy for everyone. We had a script to
distribute donations that we receive as Torservers, and as a first
approximation the money you would get would be higher if the exit relay
was in a country with low total exit capacity. You might like it.
Unfortunately it is buggy, someone should do a rewrite and potentially
work in more criteria.

https://github.com/torservers/exit-funding

There is also http://www.tor-roster.org/ , a project that awards
"points" based on some of the potential criteria.

> -Maybe we should think a way of introducing high latency features on
> Tor, I know this is troublesome but we need to think a way to protect
> people even if NSA and Europe works together against Tor users...

Some time ago, researchers from Ruhr-University mentioned on tor-dev@
that they were working on something like it. Pond was a similar
experiment. I would love to see high-latency support integrated in Tor,
but there's a lot of open research questions. Maybe, if you have time to
dig into this, a great outcome would be to bug Tor developers and
collect all the open questions and potential design decisions into a
wiki page!

> -What about Tor traffic obfuscation by default? I mean the traffic
> between all Tor nodes. Will it help on something?

You might like https://arxiv.org/abs/1512.00524 and
https://blog.torproject.org/blog/critique-website-traffic-fingerprinting-attacks
.

> -More public libraries with Tor nodes. Great work with that, this
> initiative should spread.

It is slowly spreading :) Take it on and get in touch with local libraries!

> And maybe how Tor Browser users can help the
> network in the future being a relay...

https://www.torproject.org/docs/faq.html.en#EverybodyARelay

> -I heard making a pluggable transport work in a privileged port (less
> than 1024) is a hard work. we have to fix it.

It's worse, the instructions on the website are quite outdated. It's a
surprise we even have bridges with latest pluggable transports...

> -Better node testing: I think some people is working on this already. I
> mean more and better ways to test if a exit node is a bad exit, or if
> any other node is making traffic shaping attack.

Yes, this is actively being worked on.

> So this is it. Thank you all again for all your hard work and see you in
> other time.

Great feedback, great questions and comments! Spot on! :)

-- 
Moritz Bartl
https://www.torservers.net/
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk