[tor-talk] End-to-end correlation for fun and profit

Jacob Appelbaum jacob at appelbaum.net
Wed Aug 22 02:14:37 UTC 2012


Maxim Kammerer:
>> It's comforting that this approach yields quickly diminishing returns.
>> Going from 25 to 60 networks only gets you a 10% increase in networks
>> surveillance (if I'm reading the output correctly), and returns plateau
>> entirely at that point (I'm considering about two percent to be in the
>> noise, which may not be appropriate to this domain).
> 
> That's why I insist that everyone should be a relay by default, even
> if there are some theoretical issues that weren't worked out yet [1].
> Making everyone a relay also results in a healthier users community (I
> think I2P is one), and more intrinsic network growth.
> 

This has serious intersection attack issues, as you note. However, from
a purely practical perspective, even with our UPnP/NAT-PMP work, it's
basically not realistic with ipv4 to make *everyone* a globally
reachable relay.

I do however generally agree with the sentiment that we need to make it
significantly harder for an attacker. It's not clear to me that if
everyone was a relay, they would change the exit selection very much. It
would probably change the location of the guards as expected.

Sadly, it probably wouldn't work well for everyone being an exit - not
the least of which is that running Tor would attract attention beyond
just sending/receiving encrypted traffic.

Thanks for taking the time to start this discussion Maxim - it's a good one.

All the best,
Jacob


More information about the tor-talk mailing list