[tor-talk] Matryoshka: Are TOR holes intentional?
Çağıl P. Şesto
secpost at abwesend.de
Wed Jun 24 00:14:13 UTC 2015
On Tue, Jun 23, 2015 at 12:06:41AM -0400, grarpamp wrote:
> Longer reply may come, but I think it is useful to again say
> that it may be that you must disassociate the classical "tor
> centric" idea of fill away from the idea of filling the "tor circuit".

There is no benefit in padding, it does the opposite of what endpoints want
from tor: data and anonymity.

Find an application that moves data, and the application that comes to mind
is filesharing. Face it, tor would grow into a massive network. If you consider
the size of 6000 relays, this idea is scary. Node participation in filesharing
networks is often tenfold the size of tor nodes recorded in consensus.

Or video streaming via HS, distribute the data to your clients, peer
them together in a DHT.

These approaches are better than feeding nonsensical data into
circuits, let's feed real data into them, it is beneficial for
the network's participants, they want it.

Another approach is to attract traffic inbound and make the same destination
emit at various places that aren't strictly in the consensus: cdn as HS
can do that, without any modification of tor protocol or consensus.

Imagine wikipedia, the mozilla foundation running a HS. I'd rather see
my browser and my extensions coming from official mozilla hidden service
cdn, than via shady exitnode (no offense to all you sweet exits).

If you operate a CDN, run a HS on an isolated edge. It won't emit
anything that you already have seen, since users may access your net
already via tor. Adversaries already try to compromise it using tor.
Technically, there is no difference in operations.

If you operate a CDN that has excess capacity, consider running
an exit at your leisure, with an exit policy that benefits you, your
customers. You don't have to serve all the participants of the tor

If you utilize a CDN, ask them about running a HS or an exit for you,
since it may be beneficial for your customers that already use tor.

The only centric idea of tor, it's the authority of distributing consensus data,
it works surprisingly well. I really doubt you find better suited individuals
for that job.