Hi all,
Last week, we were contacted by Australian law enforcement, on behalf of German law enforcement, about one of our relays.
It appears that some law enforcement agency had performed a guard discovery attack on a hidden service. One of our relays was that hidden service's guard. They requested that we provide a detailed network capture of that guard's traffic. We refused. (We do not keep detailed logs.) We also shut down the guard.
T
-- Tim Wilson-Brown (teor)
teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org
What was the guard discovery attack they used? Was it one of the well-known published guard discovery attacks or a new one?
On Wed, Apr 26, 2017 at 1:58 AM, teor teor2345@gmail.com wrote:
On 27 Apr 2017, at 04:59, David Stainton dstainton415@gmail.com wrote:
What was the guard discovery attack they used? Was it one of the well-known published guard discovery attacks or a new one?
They did not tell us, but it might have been based on traffic analysis.
On 27 Apr 2017, at 05:06, tor tor@anondroid.com wrote:
Could you share the verbiage you used to refuse the request? Or offer any general guidance for other guard operators in case they receive a similar request? I can imagine there may be certain jurisdictions where refusing such a request might be problematic.
I cannot, it was a conversation that involved other people.
Also, are there any guidelines for reducing the log footprint of a relay? Are the OS defaults generally sufficient, or do operators need to take additional steps to preserve user privacy?
The tor defaults are generally sufficient.
But if you install a caching DNS server on an exit, make sure that no domains are ever logged.
For example, bind9 logs domain resolution errors containing domains by default. (I sent a message to this list about that last year.)
T
-- Tim Wilson-Brown (teor)
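The bind9 point above, as an added example that is not from the thread: a hypothetical named.conf fragment that disables query logging and sends the BIND 9 log categories whose messages carry resolved names to the built-in null channel, while keeping ordinary operational messages in syslog. It assumes BIND 9 is the caching resolver on the exit host; the category and channel names are BIND's standard ones, the rest is assumed.

```conf
// Hypothetical named.conf fragment (added example, not from the thread).
// Assumes BIND 9 running as a caching resolver on a Tor exit host.

options {
    // ... existing resolver options ...
    querylog no;   // never log client queries (they contain names and client IPs)
};

logging {
    // Categories whose messages include domain names go to the predefined
    // "null" channel, so they are discarded instead of written to disk/syslog.
    category queries       { null; };  // one line per client query
    category query-errors  { null; };  // SERVFAIL etc., includes the queried name
    category resolver      { null; };  // recursion failures, includes the name
    category lame-servers  { null; };  // "lame server resolving 'example.com'"
    category edns-disabled { null; };  // names of servers/zones that failed EDNS
    category dnssec        { null; };  // validation failures name the zone

    // Everything else (startup, config errors, security warnings) stays
    // in syslog so the relay remains operable.
    category default       { default_syslog; };
};
```

After changing the file, reload named and confirm with a deliberately failing lookup that no name reaches the system log.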