[metrics-bugs] #6473 [Metrics/Analysis]: bandwidth related anonymity set reduction
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Apr 2 09:10:42 UTC 2018
#6473: bandwidth related anonymity set reduction
------------------------------+--------------------------
Reporter: proper | Owner: arma
Type: defect | Status: assigned
Priority: Medium | Milestone:
Component: Metrics/Analysis | Version:
Severity: Normal | Resolution:
Keywords: nickm-cares | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
------------------------------+--------------------------
Comment (by arma):
Answer 1: I still like my suggestion from
https://blog.torproject.org/trip-report-tor-trainings-dutch-and-belgian-
police
about how to set up an onion service for this sort of situation:
"If I wanted to run a hidden service website that had a nation-state
adversary, I would a) run a good solid webserver like nginx; b) run it in
a VM, in a way that the VM couldn't learn its location — "no looking up
its IP", but also more subtle things like "no looking up nameservers", "no
looking up reachable wireless access points", etc; and then c) put that VM
in a VPS running in a country that hates my adversary. That way even if
somebody breaks into the webserver and breaks out of the VM, they're still
faced with a frustratingly long bureaucratic step."
In particular, if you are living in country X or your site is about
country X, consider not running your onion service is country X.
Answer 2: for papers related to your attack, check out these two:
https://www.freehaven.net/anonbib/#esorics10-bandwidth
https://www.freehaven.net/anonbib/#ccs2011-stealthy
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6473#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the metrics-bugs
mailing list