Gesendet: Samstag, 20. Januar 2018 um 17:06 Uhr Von: "Iain Learmonth" irl@torproject.org An: tor-relays@lists.torproject.org Betreff: Re: [tor-relays] Onionoo bandwidth recording stopped? Hi,
On 20/01/18 10:25, Ralph Wetzel wrote:
As a consequece, I'll consider implementing a recording function into The Onion Box.
When you do this, please make it clear to users that making their fine-grained bandwidth usage information public may harm the anonymity properties of the Tor network.
On 21 Jan 2018, at 04:03, Ralph Wetzel theonionbox@gmx.com wrote:
Isn't this an inherent contradiction?
No. Making bandwidth information public makes it easier to link onion services with their guards. It might also allow other kinds of attacks.
We think it's safe to release a daily bandwidth figure for each relay. Or, more precisely, relays publish daily bandwidths so we can do bandwidth measurement and statistics. We don't like releasing that level of data, but it would take a lot of development effort to do it differently.
If someone exposes his bandwidth usage information to public access, he already harmed the anonymity of *his* relay.
Relays are not anonymous.
Anonymity is a property of the Tor network, not individual relays. But individual relays can compromise the anonymity of clients that build paths through them, by making it easier for adversaries to find a client using that client's traffic.
Yet, as the bandwidth recording & display is local to the monitoring instance (with no API provided),
I see screenshots of bandwidth on Twitter. And publicly available munin pages on relays. You might be surprised what people release.
even if disclosed to public access, the harm is - according to my understanding of the matter - limited to the node(s) monitored, if at all. How does this (local situation) 'harm the anonymity properties of the [whole] Tor network'?
Relays are not anonymous. Releasing detailed bandwidth can harm the anonymity of clients. See above.
T