[metrics-team] Report on protecting Tor from Sybil attacks

David Fifield david at bamsoftware.com
Sat Apr 2 18:37:25 UTC 2016


On Fri, Feb 26, 2016 at 01:45:57PM -0500, Philipp Winter wrote:
> We published a report on our work on detecting Sybils in Tor:
> <https://nymity.ch/sybilhunting/pdf/sybilhunting.pdf>
> 
> Corresponding code and data are also available online:
> <https://nymity.ch/sybilhunting/>

The clarity of exposition in this report is just amazing. I appreciate
it.

Section 3 says there are eight dirauths, but there are nine now. At
least, that's what I get from reading src/or/config.c (excluding Tonga,
a bridge authority). #13296 also mentions keeping the count odd.

The "rewrite" Sybils--the same exits were rewriting *both* onion
addresses and bitcoin addresses? I.e., is the attack:
 * Find onion service that has bitcoin addresses on it.
 * Mirror onion service and rewrite its bitcoin addresses.
 * Rewrite plaintext HTTP exit traffic to change links to the onion
   service to point to your mirror.
It seems like another straightforward attack is just to rewrite bitcoin
addresses in plaintext HTTP pages. Did that happen too? Maybe there's
enough bitcoin activity on onion sites to justify rewriting onion links.

