On Fri, Jan 31, 2020 at 05:48:19PM -0500, Matt Corallo wrote:
Still, relying on the dirauths as they exist today is not perfect. While it may, in principle, be ok that OVH has a preponderance of Tor relays, it wouldn???t be ok to build a path through only OVH relays (even if they are in different countries). In theory ASMap could address exactly that.
Hi Matt!
The real fun begins when you think not just about the locations of the relays, but about the locations that the traffic goes through, when it's transiting between relays.
That is, yes you should worry about whether all your relays are in buildings owned by OVH. But you should also worry about whether the traffic between the relays transits a single (the same) telephone company at each hop. And for the Tor case (I don't know about your case), what matters most to us is the internet path between the client and the first relay, and the internet path between the last relay and the destination.
Many papers have been written about the topic, from measuring how bad it is: https://www.freehaven.net/anonbib/#feamster:wpes2004 https://www.freehaven.net/anonbib/#DBLP:conf:ccs:EdmanS09 https://www.freehaven.net/anonbib/#ccs2013-usersrouted https://www.freehaven.net/anonbib/#trustrep-pets2015 https://www.freehaven.net/anonbib/#tortraceroutes-pets2015
to designing alternate path selection mechanisms to avoid trust bottlenecks: https://www.freehaven.net/anonbib/#ccs2011-trust https://www.freehaven.net/anonbib/#ASlevel-ndss2016 https://www.freehaven.net/anonbib/#taps-ndss2017 https://www.freehaven.net/anonbib/#counter-raptor https://www.freehaven.net/anonbib/#placement-pets2019
And those are just a few of them. To start reading, I would suggest these three: https://blog.torproject.org/improving-tors-anonymity-changing-guard-paramete... https://www.freehaven.net/anonbib/#ccs2013-usersrouted https://www.freehaven.net/anonbib/#placement-pets2019
Hope this helps, --Roger