Anonymity easily thwarted by flooding network with relays?
John Case
case at SDF.LONESTAR.ORG
Sat Nov 20 17:31:33 UTC 2010
On Fri, 19 Nov 2010, Theodore Bagwell wrote:
> On Fri, 19 Nov 2010 08:11 -0500, "Paul Syverson"
> <syverson at itd.nrl.navy.mil> wrote:
>> Your reactions are good. It's just that many people have had the
>> same reactions so we've explored this, and nobody in all of the research
>> done has yet produced a viable version of what you suggest.
>
> The nature of the attack outlined in the paper is expensive. The paper
> suggests rapid deployment, collection of data, and undeployment. The
> longer the interloping system runs, the more it costs.
I don't think it sounds expensive at all - I suspect a private individual
could ramp this up for $10k per month or less. It's not chump change, but
it's not exactly at the nation-state level either...
(I am thinking of Amazon EC instances, etc.)
> Perhaps, at a network level, we can detect a sudden massive deployment
> of ORs and mark them as suspicious?
>
> Or, as mentioned earlier, we can assign an OR a level of trust
> commensurate with its age? (Admittedly, this may increase security at
> the expense of delayed benefit of new ORs)
Isn't this problem an obvious "web of trust" application ? Can't this be
solved by a pgp-style web of trust ?
I don't like the idea of solving it this way because I rather like running
my tor node(s) in complete anonymity, so it's not something I necessarily
want to be involved in ... but theoretically, that would solve it, no ?
***********************************************************************
To unsubscribe, send an e-mail to majordomo at torproject.org with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/
More information about the tor-talk
mailing list