On Mon, Feb 18, 2013 at 1:26 PM, mick mbm@rlogin.net wrote:
On Mon, 18 Feb 2013 02:05:40 -0800 Andrea Shepard andrea@torproject.org allegedly wrote:
On Mon, Feb 18, 2013 at 04:59:09AM -0500, grarpamp wrote:
I thought I would let you know: Our US hoster is regularly contacted by law enforcement about our exits there. Some agents ask if the traffic pattern is balanced, ie. if the same amount of traffic enters and leaves the box.
I always argue that this is a good indicator for Tor traffic, and that it is bad to mix Tor traffic with other traffic for that exact reason.
Due to encryption and compression it might only be balanced to within some typical ratio. I'm sure you have a handle on that number. But that any non 1:1 ratio could make it appear to be serving (or receiving) continual amounts of data. Which in the eye of agents could raise question. Another question is whether these US hosts are just volunteering this data to whoever comes asking, with or without your instruction, or complying with formal legal orders?
On the plus side, hopefully everyone is coming away with the fact that it's just an uninteresting, agnostic, relay service and time is better spent elsewhere.
Interesting; I'm pretty sure we do not use TLS compression. Nick M., that's true, yeah?
On the other hand, it could also be unbalanced because of:
- Using that Tor process as a client
- Running a hidden service on that Tor process
- Running a directory mirror
For anyone who is interested I have posted the vnstat stats for my newest relay (0xbaddad) at http://rlogin.net/tor/bin-vnstats.txt
Whilst not quite a 1:1 ratio, it is close enough I think to show that this is simply an agnostic relay. However, would not an exit node show unbalanced traffic? Most net activity these days is web browsing which is decidedly asymmetric - small outbound requests result in much larger inbound responses. Won't an exit relay reflect that as it is the last hop before the actual target site?
Mick
Well, every byte fetched from the target site will get relayed back to the original client, so the traffic ratio should be 1:1 (unless, as Andrea alluded to, the amount of bytes transported is significantly less due to compression).
--Aaron
blog: baldric.net gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays