[tor-bugs] #16824 [Tor]: coexistence of client and relay processing on same thread poses traffic confirmation risk
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Aug 31 23:15:59 UTC 2015
#16824: coexistence of client and relay processing on same thread poses traffic
confirmation risk
---------------------------+--------------------------------
Reporter: starlight | Owner:
Type: defect | Status: new
Priority: normal | Milestone: Tor: 0.2.7.x-final
Component: Tor | Version: Tor: 0.2.6.10
Resolution: | Keywords: PostFreeze027
Actual Points: | Parent ID:
Points: |
---------------------------+--------------------------------
Comment (by s7r):
@mikeperry is right. Regardless if the same Tor instance runs a client
only or a client and a relay, an active observer can distinguish the
client traffic mixed with the relayed traffic using the timing method
described by you. But, running a relay and a client (even on the same
instance) provides you security against other attacks, which are not
active, so this x2 option (be a client and a relay, even on the same Tor
instance) is at least equally anonymous, if not (as I see it is) more
anonymous.
Adding a warning here will confuse users. How can we explain this well
enough in a single log line? Saying that it's not safe would be false,
saying it is less anonymous would be false, saying the client traffic is
compromised would be false (the traffic is not compromised, just worst
case distinguished from the relayed traffic, running the client in a
separate instance would not mitigate this).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16824#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list