[tor-talk] !!! Important please read. !!!

Paul Syverson paul.syverson at nrl.navy.mil
Wed Jan 8 17:23:24 UTC 2014


On Wed, Jan 08, 2014 at 02:40:11PM +0100, Andreas Krey wrote:
> On Wed, 08 Jan 2014 13:17:47 +0000, Mark McCarron wrote:
> ...
> 
> > No, its not.  Traffic obfuscation techniques can eliminate the
> > global view.  It just needs to be implemented correctly.
> 
> How? A user can only interact with a service while he is online ->
> correlate user online times with service usage times of a given persona
> -> voila.

Right. There's over a decade of research showing that nobody beats
longterm intersection given a targeted attack by a well-resourced
adversary. (And anything practical for Tor does not even need to be
longterm.) Cf. freehaven.net/anonbib/ and since it's not there also my
"Why I'm not an Entropist?" against any notion that one can "eliminate
the global view".  This is a lesson that has been re-taught at least
since I was asked in 1997 why we were creating onion routing instead
of building pipenet. There are interesting things one can do to
improve against some practical adversaries. As always devil's in the
details.

> 
> ...
> > We need to improve Tor.
> 
> And how? Bear in mind that we are dealing with a global *active*
> adversary that may well be capable of looking into tor nodes.
> 

I think you meant "And How!" ;>)
Tor may be the best thing available, but it still has lots of places
where work is needed.
Cf. https://www.torproject.org/getinvolved/volunteer.html.en

I think the latest word on where things stand is probably our
"Users Get Routed: Traffic Correlation on Tor by Realistic Adversaries",
which is on anonbib. An overlapping group of people is now at work
on how to leverage trust to improve things given those results.
And changing Tor's guard parameters is in the works 
https://blog.torproject.org/blog/improving-tors-anonymity-changing-guard-parameters
given the above and other research results (especially "Changing of the
Guards: A Framework for Understanding and Improving Entry Guard
Selection in Tor").

Personally, I'm concerned that some of those planned changes should be
put on hold because they will be positive in some respects but a net
negative overall. But we need to do the research to back up or
disprove my concerns, which I can't spend any cycles on for at least a
few months since we're now focused elsewhere---such as on how
specifically to improve things using trust in the face of the
User's-Get-Routed results.

aloha,
Paul


More information about the tor-talk mailing list