[tor-relays] US Investigators seem to learn

mick mbm at rlogin.net
Mon Feb 18 13:26:26 UTC 2013


On Mon, 18 Feb 2013 02:05:40 -0800
Andrea Shepard <andrea at torproject.org> allegedly wrote:

> On Mon, Feb 18, 2013 at 04:59:09AM -0500, grarpamp wrote:
> > > I thought I would let you know: Our US hoster is regularly
> > > contacted by law enforcement about our exits there. Some agents
> > > ask if the traffic pattern is balanced, i.e. if the same amount of
> > > traffic enters and leaves the box.
> > >
> > > I always argue that this is a good indicator for Tor traffic, and
> > > that it is bad to mix Tor traffic with other traffic for that
> > > exact reason.
> > 
> > Due to encryption and compression it might only be balanced to
> > within some typical ratio. I'm sure you have a handle on that
> > number. But that any non 1:1 ratio could make it appear to be
> > serving (or receiving) continual amounts of data. Which in the eye
> > of agents could raise question. Another question is whether these
> > US hosts are just volunteering this data to whoever comes asking,
> > with or without your instruction, or complying with formal legal
> > orders?
> > 
> > On the plus side, hopefully everyone is coming away with the
> > fact that it's just an uninteresting, agnostic, relay service and
> > time is better spent elsewhere.
> 
> Interesting; I'm pretty sure we do not use TLS compression.  Nick M.,
> that's true, yeah?
> 
> On the other hand, it could also be unbalanced because of:
> 
>  * Using that Tor process as a client
>  * Running a hidden service on that Tor process
>  * Running a directory mirror
> 

For anyone who is interested I have posted the vnstat stats for my
newest relay (0xbaddad) at http://rlogin.net/tor/bin-vnstats.txt

Whilst not quite a 1:1 ratio, it is close enough I think to show
that this is simply an agnostic relay. However, would not an exit node
show unbalanced traffic? Most net activity these days is web browsing
which is decidedly asymmetric - small outbound requests result in much
larger inbound responses. Won't an exit relay reflect that as it is the
last hop before the actual target site? 

Mick


---------------------------------------------------------------------

blog: baldric.net
gpg fingerprint: FC23 3338 F664 5E66 876B  72C0 0A1F E60B 5BAD D312

---------------------------------------------------------------------
