[tbb-bugs] #21944 [Applications/Tor Browser]: Makeing all TBB users into middle nodes to make website traffic fingerprinting attacks much harder for a attacker

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Apr 15 12:02:07 UTC 2017

#21944: Makeing all TBB users into middle nodes to make website traffic
fingerprinting attacks much harder for a attacker
 Reporter:  Dbryrtfbcbhgf             |          Owner:  tbb-team
     Type:  enhancement               |         Status:  new
 Priority:  High                      |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Major                     |     Resolution:
 Keywords:                            |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:

Comment (by blockflare):

 See the FAQ https://www.torproject.org/docs/faq.html.en#EverybodyARelay

 You should make every Tor user be a relay.

 Requiring every Tor user to be a relay would help with scaling the network
 to handle all our users, and running a Tor relay may help your anonymity.
 However, many Tor users cannot be good relays — for example, some Tor
 clients operate from behind restrictive firewalls, connect via modem, or
 otherwise aren't in a position where they can relay traffic. Providing
 service to these clients is a critical part of providing effective
 anonymity for everyone, since many Tor users are subject to these or
 similar constraints and including these clients increases the size of the
 anonymity set.

 That said, we do want to encourage Tor users to run relays, so what we
 really want to do is simplify the process of setting up and maintaining a
 relay. We've made a lot of progress with easy configuration in the past
 few years: Tor is good at automatically detecting whether it's reachable
 and how much bandwidth it can offer.

 There are five steps we need to address before we can do this though:

 First, we need to make Tor stable as a relay on all common operating
 systems. The main remaining platform is Windows, and we're mostly there.
 See Section 4.1 of our development roadmap.

 Second, we still need to get better at automatically estimating the right
 amount of bandwidth to allow. See item #7 on the research section of the
 volunteer page: "Tor doesn't work very well when relays have asymmetric
 bandwidth (e.g. cable or DSL)". It might be that switching to UDP
 transport is the simplest answer here — which alas is not a very simple
 answer at all.

 Third, we need to work on scalability, both of the network (how to stop
 requiring that all Tor relays be able to connect to all Tor relays) and of
 the directory (how to stop requiring that all Tor users know about all Tor
 relays). Changes like this can have large impact on potential and actual
 anonymity. See Section 5 of the Challenges paper for details. Again, UDP
 transport would help here.

 Fourth, we need to better understand the risks from letting the attacker
 send traffic through your relay while you're also initiating your own
 anonymized traffic. Three different research papers describe ways to
 identify the relays in a circuit by running traffic through candidate
 relays and looking for dips in the traffic while the circuit is active.
 These clogging attacks are not that scary in the Tor context so long as
 relays are never clients too. But if we're trying to encourage more
 clients to turn on relay functionality too (whether as bridge relays or as
 normal relays), then we need to understand this threat better and learn
 how to mitigate it.

 Fifth, we might need some sort of incentive scheme to encourage people to
 relay traffic for others, and/or to become exit nodes. Here are our
 current thoughts on Tor incentives.

 Please help on all of these!

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21944#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list