[tor-relays] Individual Operator Exit Probability Threshold

Duncan dguthrie at posteo.net
Mon Sep 25 23:57:00 UTC 2017


Hi Jonathan,

Jonathan D. Proulx:
> On Sat, Sep 23, 2017 at 02:36:00PM +0000, Duncan wrote:
> :Hi Jonathan,
> :
> :Jonathan Proulx:
> :> 
> :> To the initial question for a honest operator who's open about their
> :> ownership and enters proper family membership data I can't see how
> :> more exit volume is a problem.  TOR needs to be resilient against
> :> malicious operators who don't disclose, nto sure what the current
> :> value of "global" is but I should hope it's well above 5%...
> :> 
> :
> :Firstly, it's Tor not "TOR"! :)
> 
> Tru but I type bad. :)
> 
> :I'm curious about what you mean by "global" here, and how it relates to
> :[potentially] malicious operators (suspicious relays of which are
> :frequently thrown off the Tor network).
> 
> "global" as in a global passive adversary, though I suppose running
> nodes is an active adversary.

If that's what you mean, can you clarify what you meant by "I should
hope it's well above 5%"?

If an adversary is a global passive adversary, surely that would mean
that they are for all intents and purposes seeing pretty much all of the
traffic?

I think it is worth remembering that there isn't evidence there is a
global passive adversary at the moment, even if certain agencies and
organizations clearly aspire to be one.

> 
> main point, for well behaved servers that are labled and abviously
> part of the same administrative domain clients won't use two of them
> for any circuit, so where's the harm? Not rehtorical there it woudl be
> at soem fraction of the network (as I say hopefully well abouve 5%),
> if there is have could someone smarter than me say where it is?
> 
> -Jon

Best,
Duncan


More information about the tor-relays mailing list