How do you know that Tor nodes are not run by the same entity?

I know that if someone controls all the 3 nodes that I connect to while using Tor, he can know who I am.

Now how can we know and ensure that most nodes are not run by the same entity, let’s say the American government?

We don’t know who runs the nodes, right?

1 Like

Interesting question. We don’t know.

I’m thinking about the odds of you or anyone else getting all three nodes from the same entity. Why stop at .US? Why not .CN or .RU or .UK or .FR or maybe a collaboration of let’s say the Five Eyes (FVEY).

And I bet state actors have ways of “encouraging this”.

2 Likes

I know that if someone controls all the 3 nodes that I connect to while using Tor, he can know who I am.

They do not even need to control all three, just two:

“No adversary is truly global, but no adversary needs to be truly global," he says. “Eavesdropping on the entire Internet is a several-billion-dollar problem. Running a few computers to eavesdrop on a lot of traffic, a selective denial of service attack to drive traffic to your computers, that’s like a tens-of-thousands-of-dollars problem.” At the most basic level, an attacker who runs two poisoned Tor nodes—one entry, one exit—is able to analyse traffic and thereby identify the tiny, unlucky percentage of users whose circuit happened to cross both of those nodes. In 2016 the Tor network offers a total of around 7,000 relays, around 2,000 guard (entry) nodes and around 1,000 exit nodes. So the odds of such an event happening are one in two million (1⁄2000 × 1⁄1000), give or take (source).

In addition, as @ukmr pointed out in this post, the NSA doesn’t even need to run their own nodes. Even if you “own” a relay running on a VPS, the NSA probably still has some level of access to it via the VPS provider, who may be legally obliged to cooperate with them by sharing logs and other information. Full-disk encryption on a VPS is no defense:

Encryption just helps against an attacker who has to shut down the server (see dedicated server), otherwise he can just dump the RAM of the VPS. This way he gains access to the encryption key (source).

===

We don’t know who runs the nodes, right?

I believe you are right, but the problem of “poisoned nodes” is well known. For example, this article explains some of the attacks that malicious relay operators can perform and how Guard relays can help mitigate them. Here is another article about ways to discover bridges. Here is another article about attacks on Tor.

===

Now how can we know and ensure that most nodes are not run by the same entity, let’s say the American government?

One way is to encourage “ordinary people” to run their own relays on physical hardware that they control. This will reduce the fraction of poisoned nodes in the network and thereby reduce the odds of de-anonymization for any given circuit. That is why community outreach is so important.

6 Likes
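Added example, not part of any post in this thread: the quoted one-in-two-million estimate carried over many circuits, to show why keeping one long-lived guard (the mitigation the linked article is said to cover) caps a user's exposure. It assumes uniform relay selection, as the quoted estimate does (real Tor weights relays by bandwidth), and the 5% operator share is a constructed scenario.

```python
import math

GUARDS = 2000  # guard (entry) relay count quoted in the thread (2016 figure)
EXITS = 1000   # exit relay count quoted in the thread (2016 figure)


def p_circuit(bad_guards, bad_exits, guards=GUARDS, exits=EXITS):
    """Chance that a single circuit enters AND exits through one operator's relays."""
    return (bad_guards / guards) * (bad_exits / exits)


def _at_least_once(p, n):
    """1 - (1 - p)**n, computed stably for very small p."""
    return -math.expm1(n * math.log1p(-p))


def p_any_rotating(n, bad_guards, bad_exits, guards=GUARDS, exits=EXITS):
    """Entry relay re-drawn for each of n circuits (no guard pinning)."""
    return _at_least_once(p_circuit(bad_guards, bad_exits, guards, exits), n)


def p_any_pinned(n, bad_guards, bad_exits, guards=GUARDS, exits=EXITS):
    """One guard kept for all n circuits; only the exit is re-drawn each time."""
    return (bad_guards / guards) * _at_least_once(bad_exits / exits, n)


if __name__ == "__main__":
    print(f"1 guard + 1 exit, one circuit: {p_circuit(1, 1):.1e}")
    # Constructed scenario: one operator holds 100 guards and 50 exits (5% of each).
    for n in (1, 100, 1000, 10000):
        print(f"n={n:>5}  rotating={p_any_rotating(n, 100, 50):.4f}  "
              f"pinned={p_any_pinned(n, 100, 50):.4f}")
```

With a re-drawn entry relay the chance of at least one fully observed circuit climbs toward 1 as circuits accumulate; with a pinned guard it never exceeds the operator's share of guards.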

One way is to encourage “ordinary people” to run their own relays on physical hardware that they control. This will reduce the fraction of poisoned nodes in the network and thereby reduce the odds of de-anonymization for any given circuit. That is why community outreach is so important.

What about the idea of using normal devices as relays, like smartphones and other powerful enough computers, this way we will have billions of relays and it will be super hard for anyone to de-anonymize us?

1 Like

Somehow yes. But this would require a full refactoring of how circuits are built, that means the code. For example:

Currently every relay in middle position and bridges need to reach every other relay on IP level. The 7k relays today are not an issue but the port limit per IP is below 64k outbound. That is the limit at operator level (some tricks on multihomed servers aside). So even 50k relays would nearly not work.

Solution? When? Such redesign would need years plus it generates additional issues if not every relay can reach every other (groups, clustering …). System work (research) is necessary.

2 Likes

Correct.

Sure, as long as the hardware requirements are met:

You can use hardware such as a Raspberry Pi for a Pi Relay:

You can also consider using the Snowflake browser extension:

https://snowflake.torproject.org/

Otherwise, there is HebTor, but the GitHub repository is inactive:

I just stumbled upon this thing called i2p and it seems to be doing just that.

1 Like