[tor-bugs] #19959 [Core Tor/Tor]: have a flag for Tor relay location, if a relay is hosted in a data center, cloud or physically secured

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Dec 6 17:48:25 UTC 2017 

#19959: have a flag for Tor relay location, if a relay is hosted in a data center,
cloud or physically secured
-------------------------------------------------+-------------------------
 Reporter:  adrelanos                            |          Owner:  (none)
     Type:  enhancement                          |         Status:  new
 Priority:  Medium                               |      Milestone:  Tor:
                                                 |  unspecified
Component:  Core Tor/Tor                         |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  needs-spec tor-relay directory easy  |  Actual Points:
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by irl):

 Replying to [ticket:19959 adrelanos]:
 > However, we know from the leaks, that may data centers have a backdoor
 and front door. So the security of these relays is under attack, since the
 host cannot control the security and NSL status of the data center / cloud
 provider.

 But the security of all relays (and Internet hosts) is "under attack".
 They all use ISPs/transit providers/etc. for their traffic and I doubt
 that private facilities hosting Tor relays have greater physical security
 than larger cloud providers (obviously exceptions may exist). A user
 defined flag is not going to help too much here.

 > Once such as {{{Location}}} flag exists, researchers that work on
 improved Tor routing algorithms could make use of that information.

 This flag could already be determined, perhaps more reliably than user
 definition, using counts of relays per AS/netblock.

 It is also important to ensure that everyone in the network is choosing
 from the same set of relays. Introducing a distinction between these types
 of relays would change the anonymity set for users to consist of only
 users that are using the relays in their set locations, which would be
 damaging to the anonymity properties of the network.

 Can you give an example of an attack that would be prevented or mitigated
 by this flag?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19959#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list