[tbb-bugs] #21944 [Applications/Tor Browser]: Makeing all TBB users into middle nodes to make website traffic fingerprinting attacks much harder for a attacker
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Apr 15 12:02:07 UTC 2017
#21944: Makeing all TBB users into middle nodes to make website traffic
fingerprinting attacks much harder for a attacker
Reporter: Dbryrtfbcbhgf | Owner: tbb-team
Type: enhancement | Status: new
Priority: High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Major | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
Comment (by blockflare):
See the FAQ https://www.torproject.org/docs/faq.html.en#EverybodyARelay
You should make every Tor user be a relay.
Requiring every Tor user to be a relay would help with scaling the network
to handle all our users, and running a Tor relay may help your anonymity.
However, many Tor users cannot be good relays — for example, some Tor
clients operate from behind restrictive firewalls, connect via modem, or
otherwise aren't in a position where they can relay traffic. Providing
service to these clients is a critical part of providing effective
anonymity for everyone, since many Tor users are subject to these or
similar constraints and including these clients increases the size of the
That said, we do want to encourage Tor users to run relays, so what we
really want to do is simplify the process of setting up and maintaining a
relay. We've made a lot of progress with easy configuration in the past
few years: Tor is good at automatically detecting whether it's reachable
and how much bandwidth it can offer.
There are five steps we need to address before we can do this though:
First, we need to make Tor stable as a relay on all common operating
systems. The main remaining platform is Windows, and we're mostly there.
See Section 4.1 of our development roadmap.
Second, we still need to get better at automatically estimating the right
amount of bandwidth to allow. See item #7 on the research section of the
volunteer page: "Tor doesn't work very well when relays have asymmetric
bandwidth (e.g. cable or DSL)". It might be that switching to UDP
transport is the simplest answer here — which alas is not a very simple
answer at all.
Third, we need to work on scalability, both of the network (how to stop
requiring that all Tor relays be able to connect to all Tor relays) and of
the directory (how to stop requiring that all Tor users know about all Tor
relays). Changes like this can have large impact on potential and actual
anonymity. See Section 5 of the Challenges paper for details. Again, UDP
transport would help here.
Fourth, we need to better understand the risks from letting the attacker
send traffic through your relay while you're also initiating your own
anonymized traffic. Three different research papers describe ways to
identify the relays in a circuit by running traffic through candidate
relays and looking for dips in the traffic while the circuit is active.
These clogging attacks are not that scary in the Tor context so long as
relays are never clients too. But if we're trying to encourage more
clients to turn on relay functionality too (whether as bridge relays or as
normal relays), then we need to understand this threat better and learn
how to mitigate it.
Fifth, we might need some sort of incentive scheme to encourage people to
relay traffic for others, and/or to become exit nodes. Here are our
current thoughts on Tor incentives.
Please help on all of these!
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21944#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs