In its default configuration, Tor ensures that each relay in a circuit belongs to another /16 subnet (cf. Tor Path Specification [1], section "2.2. Path selection and constraints"). However, in the case of Amazon EC2, this constraint does not suffice as Amazon uses IP addresses from several different /16 subnets.
As do all of the bigger VPS providers that have connectivity in multiple countries. But the servers themselves are probably centrally managed by one company entity -- typically in the US. I would not be surprised if a single evil sysadmin could access any hypervisor machine having Tor relays running on it and steal their keys, without the relay operator noticing anything.
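The gap discussed in this thread, shown as an added example that is not part of the original messages and is not Tor's own code: a path audit that applies the /16 rule (IPv4 only) next to a stricter same-provider rule. The provider name, its prefix list (RFC 5737 documentation ranges) and all function names are constructed assumptions.

```python
import ipaddress
from itertools import combinations

# Constructed prefix list (assumption): one hypothetical provider that
# hands out addresses from three different /16 subnets.
PROVIDER_PREFIXES = {
    "example-cloud": ["192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24"],
}

def slash16(ip):
    """Return the /16 network that contains an IPv4 address."""
    return ipaddress.ip_network(f"{ip}/16", strict=False)

def distinct_slash16(path):
    """The /16 rule: no two relays in the path share a /16 subnet."""
    return all(slash16(a) != slash16(b) for a, b in combinations(path, 2))

def provider_of(ip, prefixes=PROVIDER_PREFIXES):
    """Map an address to a provider name, or None if no prefix matches."""
    addr = ipaddress.ip_address(ip)
    for name, nets in prefixes.items():
        if any(addr in ipaddress.ip_network(n) for n in nets):
            return name
    return None

def distinct_providers(path, prefixes=PROVIDER_PREFIXES):
    """Stricter rule: no two relays hosted by the same known provider."""
    known = [p for p in (provider_of(ip, prefixes) for ip in path) if p]
    return len(known) == len(set(known))

def audit(path):
    """Evaluate a candidate path against both constraints."""
    return {"slash16_ok": distinct_slash16(path),
            "provider_ok": distinct_providers(path)}

# Constructed candidate paths (relay addresses are sample values).
SAME_PROVIDER = ["192.0.2.10", "198.51.100.20", "203.0.113.30"]
MIXED = ["192.0.2.10", "10.1.2.3", "172.16.5.6"]
SAME_SUBNET = ["192.0.2.10", "192.0.2.200", "10.1.2.3"]

if __name__ == "__main__":
    for label, path in [("same provider", SAME_PROVIDER),
                        ("mixed hosting", MIXED),
                        ("same subnet", SAME_SUBNET)]:
        print(label, audit(path))
```

The first path passes the /16 rule while every hop sits with one provider, which is the case the /16 constraint alone cannot catch.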