[tor-talk] Should I warn against Tor?
Jens Lechtenboerger
tortalk at informationelle-selbstbestimmung-im-internet.de
Sun Jul 7 10:04:31 UTC 2013
On Sa, Jul 06 2013, Roger Dingledine wrote:
> One of the unfortunate properties of the Internet is how it's much less
> decentralized than we'd like (and than we used to think). But there are
> still quite a few different places that you need to tap in order to have
> a good chance of beating a Tor circuit. For background, you might like:
> http://freehaven.net/anonbib/#feamster:wpes2004
> http://freehaven.net/anonbib/#DBLP:conf:ccs:EdmanS09
Yes, I like those papers. Yet, I’m confused on at least two levels.
First, the current Tor Path Specification [1] selects nodes based on
/16 subnets but does not consider AS paths as in those papers.
DBLP:conf:ccs:EdmanS09 briefly mentions /16 subnets being “largely
effective, though may not be stringent enough.” In fact, the more
recent paper on LASTor [2] reports a “false-negative rate of 57%
with the default Tor client” to detect snooping ASes.
Second, I deliberately considered IXes, not ASes. From the paper by
Murdoch and Zieliński [3]:
“We suggest that existing models, based on Autonomous System (AS)
diversity, do not properly take account of the fact that while, at
the AS level abstraction, a path may have good administrative domain
diversity, physically it could repeatedly pass through the same
Internet eXchange (IX).”
Although the paper by Murdoch and Zieliński is cited in
DBLP:conf:ccs:EdmanS09, I fail to see that they address IXes at all.
Best wishes
Jens
Footnotes:
[1] https://gitweb.torproject.org/torspec.git?a=blob_plain;hb=HEAD;f=path-spec.txt
[2] http://www.freehaven.net/anonbib/#oakland2012-lastor
[3] http://www.freehaven.net/anonbib/#murdoch-pet2007
More information about the tor-talk
mailing list