[tor-dev] Proposal 207: Directory guards

Nick Mathewson nickm at alum.mit.edu
Mon Oct 15 19:12:33 UTC 2012

On Mon, Oct 15, 2012 at 2:48 PM, Mike Perry <mikeperry at torproject.org> wrote:
> Again, this experimentation is already done. It's quite clear that
> adding more objects to the world of Guard activity reduces traffic
> fingerprinting accuracy, regardless of if that activity is concurrent
> with client traffic or not.

If that's the case, then it would amount to, what? the equivalent of
every user visiting one additional website on a regular basis?  Every
user visiting approximately the same website (since everybody
downloads the same directory info)?

My understanding is that while users *would* resist fingerprinting
better if everybody picked a random website off the internet and
visited it periodically, it wouldn't help much if (say) we told
everybody to visit CNN once a day. Gotta reread that paper and see if
it says differently.

> The only thing that would change this is if the adversary could somehow
> detect your directory activity using some other information channel
> other than the actual traffic patterns to specific Guards. If such a
> side channel exists, then yes, we would likely only experience the
> benefit during concurrent activity (due to feature resolution
> degradation).

Huh. If they're observing you, I bet directory traffic would be
relatively easy to note.  It's going to happen periodically whenever
consensuses become unfresh; and it's doing to involve simultaneous
requests to (approximately) all your guards; and has a characteristic
"make one request for the consensus, then make a lot of requests to
everybody for the descriptors" pattern; and it has a characteristic
patterns of retries that probably doesn't look the same as retrying a
failed circuit.

Further, the observer *knows* that the client is going to be making
directory requests periodically: part of their algorithm is now going
to be identifying which requests are directory requests, so that they
can be ignored.

> Unfortunately, it would seem that to a local observer, any directory
> guards that are not also Guards would provide this information channel,
> since all directory activity happens at roughly the same time, right?

That seems to be the case too.


More information about the tor-dev mailing list