[tor-relays] non-exit risks?

Roger Dingledine arma at mit.edu
Sat Sep 21 04:52:57 UTC 2013


On Fri, Sep 20, 2013 at 11:08:27PM -0400, krishna e bera wrote:
> Once the network gets big enough so that each node and client doesnt
> know all the nodes ip addresses, is there a compelling reason that ip
> addresses of relays which are non-exit and non-guard need to be
> published to the outside world at all?  Then if someone ran a Tor node
> just to leak node ip addresses, it might be easy to figure out who it
> was and drop them from the network, and they would at least be
> contributing bandwidth.

There are several interesting research directions for how to scale the
Tor directory system past the point where all the clients can learn
about all the relays. See e.g.
http://freehaven.net/anonbib/#ccs09-nisan
http://freehaven.net/anonbib/#ccs09-shadowwalker
http://freehaven.net/anonbib/#ccs09-torsk

And this PIR-based one:
http://freehaven.net/anonbib/#usenix11-pirtor

But these don't at all tackle the goal of hiding who the relays
are from somebody trying to enumerate them. For that, take a look at
http://freehaven.net/anonbib/#DBLP:conf:ccs:VassermanJTHK09
but be prepared to say "wait, nice idea but that isn't going to scale /
work / solve my problem."

--Roger



More information about the tor-relays mailing list