
The counter they made has a good point, that you really don't know who is using it; but to suggest that means it's entirely used by criminals is also ridiculous. What can be known is *how* TOR is being used by setting up studies at exits and seeing what kind of services people are connecting to. From that, some inference of *who* is using TOR is possible. Maybe it's the same guy buying cocaine from a black market seller that posts articles on a civil rights abuses site, but it would be silly to make that assumption. From the usage stats I've seen, the TOR website paints a prettier picture than the truth, but at the same time opponents paint a significantly darker one.

On 05/03/2017 05:00 AM, tor-relays-request@lists.torproject.org wrote:
-- Cheers, Jivan Amara --- Senior Full-Stack Developer Development@JivanAmara.net (619) 549-4497

What can be known is *how* TOR is being used by setting up studies at exits and seeing what kind of services people are connecting to.
Please don't do that, or suggest doing that. Sniffing or inspecting exit traffic may be illegal in some jurisdictions, and will result in the BadExit flag.

What can be known is *how* TOR is being used by setting up studies at exits and seeing what kind of services people are connecting to.
How is this even possible? Surely, sniffing or inspecting traffic is inherently passive?
Ignoring the legal implications for a moment, and also the logical issue of how you'd "study" exit traffic and publish your findings without basically admitting to the world you've been intercepting users' traffic... From the level of the Tor network and its directory authorities, I think it's only feasible to detect sniffing when "sslstrip" style attacks are used. I.e., it's possible to detect man-in-the-middle attacks where SSL is in place. I know this has been used to detect and flag bad exits in the past. I am not aware of trivial methods to detect passive sniffing of unencrypted traffic.

On 03.05.2017 19:07, Jivan Amara wrote:
What can be known is *how* TOR is being used by setting up studies at exits and seeing what kind of services people are connecting to.
Keeping logs of Tor-related traffic on nodes -- a prerequisite for analysing behaviour -- is not only a bad idea that weakens anonymity, but is also potentially illegal. Service providers can evaluate the percentage of incoming connections from Tor exit nodes (exit lists are publicly available), but Tor nodes should never keep a record of the source or destination of the traffic they're routing, or of DNS lookups.

-Ralph

participants (4): Anders Andersson, Jivan Amara, Ralph Seichter, tor