I'm at an APNIC conference in Jakarta, and they demoed a new tool which shows the interconnections (peering + transits) between AS numbers within a given country (will eventually work for regions).
URL: http://labs.apnic.net/vizas/ Left-panel is IPv4 and right-panel is IPv6.
Here is the fellow who built it: https://www.linkedin.com/pub/geoff-huston/42/828/891
For Tor, this tool helps us prioritize the ASs for new relays. To maximize censorship resistance, we would want relays on AS numbers in the middle (lots of interconnections) that do not currently have Tor relays.
We can imagine giving out Roster bonus points depending on the AS-number. The points would go something like:
AS_i_bonus_points = ASweight(i) / #_Tor_relays_on_AS
ASweight(i) = k * \sum_{j=1}^n num_ips_routed_by_edge_i_j where k is an arbitrary constant (k=1 is reasonable).
This could be very useful for deciding where to put new relays. I'll see if I can get access to the raw data that generates these graphs so we have more than just pretty pictures.
Much love, -V
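The scoring proposed in the message above, worked through as an added example (not code from the thread or from Roster). The edge list, relay counts and function names are constructed for illustration, and because the formula as written divides by zero for an AS with no relays, the example assumes the divisor is the relay count after the new relay is added.

```python
from collections import defaultdict

# Constructed sample data, not APNIC's: AS adjacencies as
# (AS_i, AS_j, num_ips_routed_by_edge_i_j), using documentation ASNs.
EDGES = [
    ("AS64500", "AS64501", 4096),
    ("AS64500", "AS64502", 2048),
    ("AS64500", "AS64503", 1024),
    ("AS64501", "AS64502", 512),
    ("AS64503", "AS64504", 256),
]
# Constructed count of Tor relays currently hosted in each AS.
RELAYS = {"AS64501": 4, "AS64502": 1, "AS64504": 2}


def as_weights(edges, k=1.0):
    """ASweight(i) = k * sum_j num_ips_routed_by_edge_i_j."""
    weights = defaultdict(float)
    for as_i, as_j, num_ips in edges:
        if as_i == as_j or num_ips < 0:
            raise ValueError(f"bad edge: {as_i}-{as_j} ({num_ips})")
        # An adjacency counts toward the weight of both endpoints.
        weights[as_i] += k * num_ips
        weights[as_j] += k * num_ips
    return dict(weights)


def bonus_points(edges, relays, k=1.0):
    """ASweight(i) / #_Tor_relays_on_AS, with one assumption: the divisor is
    the relay count after the new relay is added (existing + 1), so an AS
    with no relays gets a finite score instead of a division by zero."""
    return {asn: w / (relays.get(asn, 0) + 1)
            for asn, w in as_weights(edges, k).items()}


def rank(edges, relays, k=1.0):
    """ASes ordered best-first for a new relay; ties broken by AS name."""
    scores = bonus_points(edges, relays, k)
    return sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    for asn, score in rank(EDGES, RELAYS):
        print(f"{asn}  weight={as_weights(EDGES)[asn]:>6.0f}  "
              f"relays={RELAYS.get(asn, 0)}  bonus={score:.1f}")
```

On this sample the well-connected AS with no relays ranks first, and a small AS with no relays ties a larger one that already hosts a relay.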
On Thu, Sep 10, 2015 at 1:12 AM, Virgil Griffith i@virgil.gr wrote:
URL: http://labs.apnic.net/vizas/
For Tor, this tool helps us prioritize the ASs for new relays. To maximize censorship resistance, we would want relays on AS numbers in the middle (lots of interconnections) that do not currently have Tor relays.
Yes, assuming they're well connected to censoring AS's and censored users. They're also likely to be wiretapping magnets.
They're also likely to be wiretapping magnets.
That's an interesting point. Can we go deeper into this?
Does this mean that, everything else being equal, the good locations for Tor nodes also happen to be the good locations for surveillance tapping points?
If yes, my first thought was that maybe we'd want to adjust our formula so that Tor relays don't coincide too much with these wiretap points. However, given that the ASs of Tor relays are public I'm not sure it matters---if intelligence prioritizes spying on Tor relays they will simply download the list and tap the desired relays, regardless of where the relay is topographically located.
Taken together, I'm inclined to say this remains the right way to prioritize ASs for new Tor nodes.
-V
On Thu, 10 Sep 2015 at 12:53 grarpamp grarpamp@gmail.com wrote:
On Thu, Sep 10, 2015 at 1:12 AM, Virgil Griffith i@virgil.gr wrote:
URL: http://labs.apnic.net/vizas/
For Tor, this tool helps us prioritize the ASs for new relays. To maximize censorship resistance, we would want relays on AS numbers in the middle (lots of interconnections) that do not currently have Tor relays.
Yes, assuming they're well connected to censoring AS's and censored users. They're also likely to be wiretapping magnets.
On Thu, Sep 10, 2015 at 3:54 AM, Virgil Griffith i@virgil.gr wrote:
good locations...
intelligence prioritizes spying on Tor relays they will simply download the list and tap the desired relays, regardless of where the relay is topographically located.
There may be situations in which tapping at a particular vantage point will capture most traffic of many relays, such that resources tapping each one of them is unnecessary, even if there is some loss in visibility due to the tap necessarily being some distance from all of the relays thus missing some traffic traversing them on the side.
maximize censorship resistance, we would want relays on AS numbers in the middle (lots of interconnections) that do not currently have Tor relays.
Yes, assuming they're well connected to censoring AS's and censored users.
I think I'm retracting this as a gibberish train of thought. At the IP / DPI level, censored is censored, not much getting around it, you either get out to your remote guard, or your local guard gets out to the next hop, or you don't.
Though the well connectedness could help performance such as latency by possibly having fewer hops and policies appear between any two relays.
And diversity seeking that do not go too far out to the edges so as to affect performance. I've yet to look up the central AS's but I'm guessing they'll all be major transit. And the edge ones will be small ISP's / regionals.
There may be a point in locating at the edges that prefer to peer with each other, so as to avoid potentially easier aggregate tapping at the core. Though finding those relationships in order to weave those paths is hard.
Reference some other posts I made about traffic arcs across the globe and minimum RTT.