[tor-relays] US Investigators seem to learn

Aaron aagbsn at extc.org
Mon Feb 18 14:24:44 UTC 2013 

On Mon, Feb 18, 2013 at 1:26 PM, mick <mbm at rlogin.net> wrote:
> On Mon, 18 Feb 2013 02:05:40 -0800
> Andrea Shepard <andrea at torproject.org> allegedly wrote:
>
>> On Mon, Feb 18, 2013 at 04:59:09AM -0500, grarpamp wrote:
>> > > I thought I would let you know: Our US hoster is regularly
>> > > contacted by law enforcement about our exits there. Some agents
>> > > ask if the traffic pattern is balanced, ie. if the same amount of
>> > > traffic enters and leaves the box.
>> > >
>> > > I always argue that this is a good indicator for Tor traffic, and
>> > > that it is bad to mix Tor traffic with other traffic for that
>> > > exact reason.
>> >
>> > Due to encryption and compression it might only be balanced to
>> > within some typical ratio. I'm sure you have a handle on that
>> > number. But that any non 1:1 ratio could make it appear to be
>> > serving (or receiving) continual amounts of data. Which in the eye
>> > of agents could raise question. Another question is whether these
>> > US hosts are just volunteering this data to whoever comes asking,
>> > with or without your instruction, or complying with formal legal
>> > orders?
>> >
>> > On the plus side, hopefully everyone is coming away with the
>> > fact that it's just an uninteresting, agnostic, relay service and
>> > time is better spent elsewhere.
>>
>> Interesting; I'm pretty sure we do not use TLS compression.  Nick M.,
>> that's true, yeah?
>>
>> On the other hand, it could also be unbalanced because of:
>>
>>  * Using that Tor process as a client
>>  * Running a hidden service on that Tor process
>>  * Running a directory mirror
>>
>
> For anyone who is interested I have posted the vnstat stats for my
> newest relay (0xbaddad) at http://rlogin.net/tor/bin-vnstats.txt
>
> Whilst not quite a 1:1 ratio, it is close enough I think to show
> that this is simply an agnostic relay. However, would not an exit node
> show unbalanced traffic? Most net activity these days is web browsing
> which is decidedly asymmetric - small outbound requests result in much
> larger inbound responses. Won't an exit relay reflect that as it is the
> last hop before the actual target site?
>
> Mick

Well, every byte fetched from the target site will get relayed back to
the original client, so the traffic ratio should be 1:1 (unless, as
Andrea alluded to, the amount of bytes transported is significantly
less due to compression).

--Aaron
>
>
> ---------------------------------------------------------------------
>
> blog: baldric.net
> gpg fingerprint: FC23 3338 F664 5E66 876B  72C0 0A1F E60B 5BAD D312
>
> ---------------------------------------------------------------------
>
>
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>

More information about the tor-relays mailing list