[tor-talk] How to find trust nodes?

Thu Sep 28 07:31:56 UTC 2017

Excuse me if I say it, but your answers make me confuse more!!! I guess there is no guarantee about Tor nodes. Governments and bad people can launch a Tor node and sniff Tor users traffic and... 
--------------------------------------------
On Thu, 9/28/17, Seth David Schoen <schoen at eff.org> wrote:

 Subject: Re: [tor-talk] How to find trust nodes?
 To: tor-talk at lists.torproject.org
 Date: Thursday, September 28, 2017, 1:41 AM

 George writes:

 > But ultimately, Tor's topography
 mitigates against one of the three
 >
 nodes in your circuit being compromised. If the first hop
 is
 > compromised, then they only know who
 you are, but not where your
 > destination
 is. If the last hop is compromised, they only know where
 > you're going, but not who you are
 (unless your providing clear text of
 >
 personally identifying information).

 A challenge is that there are threat models in
 which a considerable number
 of Tor users may
 be exposed, at least for some of their circuits.

 * If a single adversary runs
 several fast nodes that are popular and whose
   relationship to each other is undisclosed, a
 pretty high amount of traffic
   may select
 that adversary's nodes as entry and exit nodes for the
 same
   circuit.  The guard node design
 gives a relatively low probability of this
   happening to any individual user with
 respect to any individual
   adversary in
 any specific time period, but doesn't guarantee that
 it
   would be a particularly rare event for
 Tor users as a whole.

 * If
 adversaries cooperate, they can get benefits equivalent to
 running many
   nodes even though each one
 only runs a few.

 * If an
 adversary can monitor network activity and see both entry
 and exit
   points, for a given circuit, it
 can perform correlations even though
   it
 doesn't operate any nodes.  Or, an adversary that can
 monitor some
   networks can increase its
 chance of getting visibility of both ends of
   a connection by also operating some nodes,
 since some users whose entry
   or exit
 activity the adversary otherwise wouldn't have been able
 to
   monitor from network surveillance
 alone may sometimes randomly choose to

 use that adversary's nodes in one of these positions.

 * An adversary that can
 monitor some kind of public or private online
   activity can perform coarse-grained timing
 correlation attacks between
   its own entry
 nodes (or parts of the Internet where it can see Tor
   node entry) and the online activity that it
 can see.  For example, if a
   user
 regularly uses Tor to participate in some kind of public
 forum,
   public chat, etc., the adversary
 could gather data about how entry
   traffic
 that it can see does or doesn't correlate with that
 participation.
   Or if an adversary can
 obtain logs about the use of a particular online
   service, even though those logs aren't
 available to the general public,
   it can
 also correlate that statistically with entry data that it
 has
   available for some other reason.

 The "good news" is
 that a given Tor user is probably not very likely to
 be vulnerable to many of these attacks from
 many adversaries when using
 Tor infrequently
 or for brief periods.  Yet many of these attacks would
 work at least some of the time against a pretty
 considerable amount of
 Tor traffic.

 I agree with your point that
 just having more random people run nodes
 helps decrease the probability of success of
 several of these attacks.

 -- 
 Seth Schoen  <schoen at eff.org>
 Senior Staff Technologist             
          https://www.eff.org/
 Electronic Frontier Foundation           
       https://www.eff.org/join
 815 Eddy Street, San Francisco, CA  94109   
    +1 415 436 9333 x107
 -- 
 tor-talk mailing list - tor-talk at lists.torproject.org
 To unsubscribe or change other settings go
 to
 https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

 -----Inline Attachment Follows-----