[tor-bugs] #8742 [Tor]: Byte history leaks information about local usage/hidden services
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Apr 19 14:48:18 UTC 2013
#8742: Byte history leaks information about local usage/hidden services
----------------------------------------------------------+-----------------
Reporter: alphawolf | Owner:
Type: defect | Status: new
Priority: normal | Milestone:
Component: Tor | Version: Tor: 0.2.4.12-alpha
Keywords: byte history, stats, hidden service, privacy | Parent:
Points: | Actualpoints:
----------------------------------------------------------+-----------------
Not sure if this is related to #516.
When acting as a relay, Tor seems to collect and report on *all* incoming
and outgoing bandwidth. This data is then published publicly on Atlas,
torstatus, or available for download.
As an example, if you look at the monthly graph, it's pretty clear this
relay became "something more than a relay" around the 7th of April:
https://atlas.torproject.org/#details/85617CE64344948B0BAC23CD4E22245F7F66C1C8
An attacker could use this data to determine if a relay hosts a hidden
service (generally more bytes written than read), or if a user was
actively browsing/downloading (more bytes read, generally) during a
certain period of time. An active attacker could then create a large
amount of traffic to a hidden service, perhaps creating a known pattern of
high traffic followed by a period of little traffic, then review the byte
history again and look for any relays that displayed a difference of
read/write similar to the generated traffic. Having narrowed down the
candidates, a DDoS of the relay would provide confirmation. Exposing
clients would of course be far more difficult, as most probably do not run
as a relay.
Possible solutions:
* By default, don't count any traffic to/from a hidden service. Could be
  enabled optionally in torrc... if someone really wanted it.
* By default, don't count any traffic beginning at tor's socks port. I
  can't think of any reason someone would want to enable this... but if
  there is a good argument for it, perhaps provide an option in torrc for
  this too.
* Most drastically... let a user opt out of reporting byte history
  completely. I'm guessing this is a "no go", since the stats are needed to
  help better network performance.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8742>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
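Added example, not part of the ticket or of Tor's code: a self-check a relay operator could run over their own published byte history to see which intervals show the read/write gap the report describes. It assumes the `read-history` / `write-history` line layout of extra-info descriptors and that both lines cover the same intervals; the sample values, function names and the 10% threshold are constructed for illustration.

```python
import re

# Constructed sample lines in the extra-info "read-history"/"write-history"
# layout; the byte counts are made up for illustration.
SAMPLE = """\
read-history 2013-04-07 12:00:00 (900 s) 5000000,5100000,5050000,5200000
write-history 2013-04-07 12:00:00 (900 s) 5010000,5090000,9800000,5190000
"""

LINE_RE = re.compile(
    r"^(read|write)-history (\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"\((\d+) s\) ([\d,]*)$"
)

def parse_history(text):
    """Return {'read': [...], 'write': [...]} byte counts per interval."""
    out = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            kind, _end, _secs, values = m.groups()
            out[kind] = [int(v) for v in values.split(",") if v]
    return out

def asymmetric_intervals(text, threshold=0.10):
    """Flag intervals where |written - read| exceeds `threshold` of the
    larger value. Purely forwarded traffic is roughly read == written, so a
    gap is locally originated or terminated traffic showing in the stats.
    Assumes both history lines are aligned on the same intervals."""
    hist = parse_history(text)
    flagged = []
    pairs = zip(hist.get("read", []), hist.get("write", []))
    for i, (r, w) in enumerate(pairs):
        peak = max(r, w)
        if peak == 0:
            continue  # idle interval, nothing to compare
        skew = (w - r) / peak  # > 0: more written, < 0: more read
        if abs(skew) > threshold:
            flagged.append((i, round(skew, 3)))
    return flagged

if __name__ == "__main__":
    for idx, skew in asymmetric_intervals(SAMPLE):
        side = "written > read" if skew > 0 else "read > written"
        print(f"interval {idx}: {side} by {abs(skew):.1%} of peak")
```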