[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] How to find trust nodes?
Excuse me if I say it, but your answers make me confuse more!!! I guess there is no guarantee about Tor nodes. Governments and bad people can launch a Tor node and sniff Tor users traffic and...
--------------------------------------------
On Thu, 9/28/17, Seth David Schoen <schoen@xxxxxxx> wrote:
Subject: Re: [tor-talk] How to find trust nodes?
To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Date: Thursday, September 28, 2017, 1:41 AM
George writes:
> But ultimately, Tor's topography
mitigates against one of the three
>
nodes in your circuit being compromised. If the first hop
is
> compromised, then they only know who
you are, but not where your
> destination
is. If the last hop is compromised, they only know where
> you're going, but not who you are
(unless your providing clear text of
>
personally identifying information).
A challenge is that there are threat models in
which a considerable number
of Tor users may
be exposed, at least for some of their circuits.
* If a single adversary runs
several fast nodes that are popular and whose
relationship to each other is undisclosed, a
pretty high amount of traffic
may select
that adversary's nodes as entry and exit nodes for the
same
circuit. The guard node design
gives a relatively low probability of this
happening to any individual user with
respect to any individual
adversary in
any specific time period, but doesn't guarantee that
it
would be a particularly rare event for
Tor users as a whole.
* If
adversaries cooperate, they can get benefits equivalent to
running many
nodes even though each one
only runs a few.
* If an
adversary can monitor network activity and see both entry
and exit
points, for a given circuit, it
can perform correlations even though
it
doesn't operate any nodes. Or, an adversary that can
monitor some
networks can increase its
chance of getting visibility of both ends of
a connection by also operating some nodes,
since some users whose entry
or exit
activity the adversary otherwise wouldn't have been able
to
monitor from network surveillance
alone may sometimes randomly choose to
use that adversary's nodes in one of these positions.
* An adversary that can
monitor some kind of public or private online
activity can perform coarse-grained timing
correlation attacks between
its own entry
nodes (or parts of the Internet where it can see Tor
node entry) and the online activity that it
can see. For example, if a
user
regularly uses Tor to participate in some kind of public
forum,
public chat, etc., the adversary
could gather data about how entry
traffic
that it can see does or doesn't correlate with that
participation.
Or if an adversary can
obtain logs about the use of a particular online
service, even though those logs aren't
available to the general public,
it can
also correlate that statistically with entry data that it
has
available for some other reason.
The "good news" is
that a given Tor user is probably not very likely to
be vulnerable to many of these attacks from
many adversaries when using
Tor infrequently
or for brief periods. Yet many of these attacks would
work at least some of the time against a pretty
considerable amount of
Tor traffic.
I agree with your point that
just having more random people run nodes
helps decrease the probability of success of
several of these attacks.
--
Seth Schoen <schoen@xxxxxxx>
Senior Staff Technologist
https://www.eff.org/
Electronic Frontier Foundation
https://www.eff.org/join
815 Eddy Street, San Francisco, CA 94109
+1 415 436 9333 x107
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go
to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
-----Inline Attachment Follows-----
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk