So Griffin Boyce is canvasing for some input to improve Tor, specifially for Journalists. https://twitter.com/abditum/status/479052228138119168
1. It is known that various actors are trying to compromise Tor comms by establishing own exit nodes. With enough nodes, they can break Tor (see slides).
2. Idea: Is it possible to allow the end user to determine the geo-location (with various degrees of fine tuning from hemisphere, through continental, to top country domain to regional? (I have NFI about the inner workings of TOR protocol and new work on it)
For example. Say a journalist in Russia is using Tor, s/he declares in their tor client, that they only want to use exit nodes in South America and Australia. Thus minimising the chance the nodes are owned.
This geolocation could perhaps be used to validate the integrity of the nodes (how I dont know, maybe by establishing TOR honeypots that can only be compromised through traffic through a compromised (owned) exit node).
Risk: This is a rats nest, because if implemented incorrectly it may allow hostile actors to direct exit nodes to those that are owned.
Thanks for reading my fiction. Maybe its useful in the light of what Griffin is asking about.
If your goal is to choose an exit specially to minimize risk of it being run by a malicious actor, it seems choosing exits run by orgs you trust would be better than choosing based on where someone is hosting a server.
But yes, you can choose exits by country. I'm not saying it's a good idea or that hard choosing exits in any fashion is good for the network. (It's not.)
http://www.2byts.com/2012/03/09/how-to-configure-the-exit-country-on-tor-net... http://tor.stackexchange.com/questions/733/can-i-exit-from-a-specific-countr...
-tom On Jun 18, 2014 1:41 AM, "JP Wulf" wulf.jp@gmail.com wrote:
So Griffin Boyce is canvasing for some input to improve Tor, specifially for Journalists. https://twitter.com/abditum/status/479052228138119168
- It is known that various actors are trying to compromise Tor comms by
establishing own exit nodes. With enough nodes, they can break Tor (see slides).
- Idea: Is it possible to allow the end user to determine the
geo-location (with various degrees of fine tuning from hemisphere, through continental, to top country domain to regional? (I have NFI about the inner workings of TOR protocol and new work on it)
For example. Say a journalist in Russia is using Tor, s/he declares in their tor client, that they only want to use exit nodes in South America and Australia. Thus minimising the chance the nodes are owned.
This geolocation could perhaps be used to validate the integrity of the nodes (how I dont know, maybe by establishing TOR honeypots that can only be compromised through traffic through a compromised (owned) exit node).
Risk: This is a rats nest, because if implemented incorrectly it may allow hostile actors to direct exit nodes to those that are owned.
Thanks for reading my fiction. Maybe its useful in the light of what Griffin is asking about.
-- JP Wulf Problem Solution Engineering http://nomeonastiq.com/
tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
On 06/18/2014 04:38 AM, JP Wulf wrote:
This geolocation could perhaps be used to validate the integrity of the nodes (how I dont know, maybe by establishing TOR honeypots that can only be compromised through traffic through a compromised (owned) exit node).
The Tor client does not trust the tor network by design. The user can influence the client to use countries they think are safe. See https://www.torproject.org/docs/faq.html.en#ChooseEntryExit
Hi,
Currently I am writing my master thesis on Privacy in Tor. I started out with looking into ways to improve website fingerprinting. When performing tests, I noticed that an exit node in my country (The Netherlands) was selected more often than other countries. So I took some test and here are the results. In my understanding, one would expect Tor to select exit nodes at random, only taking into account bandwidth of the exit node and guard node relations, this is what I think is going on by reading the source. I would be very happy to receive a more comprehensive explanation of the workings of (exit-)node selection.
It looks like that exit nodes are not randomly selected and it appears that nodes from my country are more often selected. This can be due to the fact that Tor takes into account the bandwidth provided by a node, but does it also keep in mind where I come from? If Tor selects an exit node more often when it has more bandwidth, doesn’t that an attacker with many resources an advantage?
I am very happy to hear your explanations and opinions about these results.
The results of the test shown in the first two pictures was performed in the following way: 1. Connect to tor 2. Receive list of nodes 3. Retrieve exit node IP 4. Send NEWYN signal and go to 3.
The loop (3 -> 4 -> 3) was done about 200 times.
1. Geolocation of exit node, list of nodes obtained through direct acces (IP) (http://i62.tinypic.com/vypcgm.png) 2. Geolocation of exit node; list of nodes obtained through US VPN (http://i60.tinypic.com/wrg705.png) 3. Blue: total nodes, Red: exit nodes. Both per country, source: onionoo.torproject.org (http://i62.tinypic.com/1zpnorb.png) 4. Distribution from figure 3, the picture that one would observe (after many tries) when random selection of exit nodes would be applied (http://i62.tinypic.com/286rg9k.png) 5. Frequency an exit-node was selected, each color represents a single IP of an exit-node. This is in the case without any VPN (http://i62.tinypic.com/k0jxjo.png)
Thank you, Max
From: Andrew Lewman andrew@torproject.is Reply: tor-dev@lists.torproject.org tor-dev@lists.torproject.org Date: 18 Jun 2014 at 17:41:43 To: tor-dev@lists.torproject.org tor-dev@lists.torproject.org Subject: Re: [tor-dev] Tor Geolocating exit nodes.
On 06/18/2014 04:38 AM, JP Wulf wrote:
This geolocation could perhaps be used to validate the integrity of the nodes (how I dont know, maybe by establishing TOR honeypots that can only be compromised through traffic through a compromised (owned) exit node).
The Tor client does not trust the tor network by design. The user can influence the client to use countries they think are safe. See https://www.torproject.org/docs/faq.html.en#ChooseEntryExit
-- Andrew pgp 0x6B4D6475 https://www.torproject.org/ +1-781-948-1982 _______________________________________________ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
-
Andrew Lewman -
JP Wulf -
Max Hovens -
Tom Ritter