[tor-talk] Default clients to be non-exit relay
Roger Dingledine
arma at mit.edu
Wed Aug 28 20:01:01 UTC 2013

On Wed, Aug 28, 2013 at 12:41:58PM -0700, Percy Alpha wrote:
> > Every client has to download the full list of relays ("consensus")
> > periodically. In areas with little connectivity, this already puts a
> > high burden on clients.
> 
> Griffin pointed out Tor could download only a portion of relays.

Done naively, this is a poor idea: if you fetch only a subset of
relays, and the adversary can learn or guess which subset you have,
then partitioning attacks can significantly degrade your anonymity. For
example, a middle relay sees the first and third relays, and then asks
itself which users have those three relays in their subset.
See http://freehaven.net/anonbib/#danezis-pet2008 plus the papers it
cites for details.

There are two plausible approaches to fetching a subset of the network
when it gets too big for every client to fetch all of it:

A) Use a DHT-like design to anonymize which relays you're learning about.
For background there, see
http://freehaven.net/anonbib/#wpes09-dht-attack
http://freehaven.net/anonbib/#ccs09-shadowwalker
http://freehaven.net/anonbib/#ccs09-torsk
http://freehaven.net/anonbib/#ccs10-lookup
and this line of papers sort of ran out of steam without producing a
crisp simple non-flawed design.

B) Fetch your subset anonymously through PIR:
http://freehaven.net/anonbib/#usenix11-pirtor

I'm inclined to prefer 'B', because it seems simpler, but maybe that's
only because nobody has fleshed out the actual engineering part of how
we'd deploy it.

> Now when I manually choose serve as a relay, Tor automatically determines
> my bandwidth option(>1.5M).  Tor can default to relay for large bandwidth
> users only.

You might like proposal 175:
https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/175-automatic-node-promotion.txt
Now all we need is somebody to do it.

Also, be sure to read
https://www.torproject.org/docs/faq#EverybodyARelay
In particular point 3 (more relays equals more sockets used on each relay)
and point 4 (there are anonymity attacks that get much easier when the
list of users is known). Especially point 4.
--Roger
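
The partitioning concern in the message above can be quantified with a small simulation; this is an added example, not part of the original message or of Tor's code. It assumes a simplified model (uniformly random relay subsets and uniform path selection, unlike Tor's bandwidth weighting), and all function names are hypothetical.

```python
import random

def build_views(n_clients, n_relays, subset_size, rng):
    """Give each client a uniformly random subset of relay ids (constructed model)."""
    return [frozenset(rng.sample(range(n_relays), subset_size))
            for _ in range(n_clients)]

def build_circuit(view, rng):
    """A client can only pick its three hops from the relays it knows about."""
    return tuple(rng.sample(sorted(view), 3))

def candidate_clients(views, circuit):
    """Clients whose partial view contains all three relays of the circuit.

    This is the set an observer who knows the views is left with: the
    anonymity set of whoever built the circuit.
    """
    needed = set(circuit)
    return [i for i, view in enumerate(views) if needed <= view]

def mean_anonymity_set(n_clients, n_relays, subset_size, trials=200, seed=1):
    """Average anonymity-set size over circuits built by random clients."""
    rng = random.Random(seed)
    views = build_views(n_clients, n_relays, subset_size, rng)
    total = 0
    for _ in range(trials):
        client = rng.randrange(n_clients)
        circuit = build_circuit(views[client], rng)
        total += len(candidate_clients(views, circuit))
    return total / trials

if __name__ == "__main__":
    # Full view first (everyone is a candidate), then shrinking subsets.
    for size in (1000, 500, 100):
        avg = mean_anonymity_set(n_clients=2000, n_relays=1000, subset_size=size)
        print(f"subset={size:4d} relays  mean anonymity set={avg:.1f} of 2000")
```

With the full consensus every client is a candidate for every circuit; as the fetched subset shrinks, the set of clients who could have built a given three-relay path shrinks roughly with the cube of the subset fraction.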