[tor-talk] ru news
Allen
allenpmd at gmail.com
Wed Nov 25 15:39:09 UTC 2015
> To correlate Tor traffic you need to control a majority of nodes. If
> both Russia and NSA try to control them, both fail.
>
In all fairness, AFAIK if someone controls one entry guard and one exit
node, they can correlate all traffic that uses those two nodes for entry
and exit. If there are roughly 2000 entry guards and 1000 exit nodes on
the network and if Tor clients select entry and exit nodes at random, for
every server you control, you can correlate roughly 0.00005% of the traffic
on the network. Divide that number by roughly seven for hidden "onion"
services, since that traffic can use any relay as an "exit" node, and
perhaps more than seven if the hidden service disguises itself as a Tor
relay so the traffic destination becomes more difficult to determine.
See
https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack/
:
"A traffic confirmation attack is possible when the attacker controls or
observes the relays on both ends of a Tor circuit and then compares traffic
timing, volume, or other characteristics to conclude that the two relays
are indeed on the same circuit. If the first relay in the circuit (called
the "entry guard") knows the IP address of the user, and the last relay in
the circuit knows the resource or destination she is accessing, then
together they can deanonymize her."
<https://www.avast.com/?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail>
This
email has been sent from a virus-free computer protected by Avast.
www.avast.com
<https://www.avast.com/?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail>
<#DDB4FAA8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
More information about the tor-talk
mailing list