Snakes On A Tor

Mike Perry mikepery at fscked.org
Thu Aug 24 19:59:05 UTC 2006


Thus spake Matej Kovacic (matej.kovacic at owca.info):

> Hi,
> 
> I have another idea. With Snakes On A Tor you are trying to estimate 
> amount of exit "abusers" and catch them.
> 
> What about some simple exit traffic analysis to detect how many people 
> are using non-encrypted communications?
> 
> We would have then the estimation about actual and potential abuse.

Heh, no thanks. So then we know what? That when given guns, people
are likely to shoot themselves with them? Big surprise ;)

I do have to fight my evil twin nearly every day to not write a script
to watch google queries on my exit. It's a harder battle than quitting
smoking. I bet Tor users google for some really interesting stuff. I
considered proposing using aggregate query stats for research purposes
(hey, could be another reason for Universities to run tor nodes), but
in light of this AOL deal (and also US wiretap law), such a thing
would probably be suicide. The wiretap thing is debatable though.. my
ISP informs me they record whatever they feel like, I should be able
to do the same why not.


One idea that I did consider was asking if anyone ran or would care to
run any honeypots, and then log into those with unique
POP/IMAP/telnet/web/whatever logins/passwords for each exit (or a
group of exits). Then we could tell if certain exits were actually
USING this plaintext data.

But keeping the IPs of these honeypots a secret would be incredibly
hard, if nothing else because malicious exit owners probably would be
able to figure it out over a preriod of time based on usage patterns.
Once the honeypots are known, malicious exits would just not use them.

For stuff like this, I agree with Roger, everyone should be using SSL
anyway.  Those who don't use IMAPS/POPS should be weeded from the
population via death by embarassment. Bring on the Wall of Sheep.

Unfortunately for exe/doc formats, there is seldom the option for even
an MD5, let alone gpg sig. And SSL is out of the question for most of
these sites. So some other stopgap was needed.

-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs



More information about the tor-talk mailing list