Opened 3 years ago

Closed 3 years ago

#18136 closed defect (duplicate)

Tor is vulnerably to sybil attacks. How are you dealing with it?

Reported by: cypherpunks Owned by:
Priority: Medium Milestone:
Component: Core Tor/Tor Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


It's time to realize that Tor is vulnerable to sybil attacks. Adversaries, such as NSA and GCHQ can make enough Tor relays to fully deanonymize everybody using Tor with high probability. The base of the Tor security is the idea that an adversary cannot control more than one relay in a circuit, it is true if the relays are intended to protect the owner of the networks and are controlled mostly by the owner of the network, but it is not true if your goal is to protect anyone and adversary is able to create a lot of malicious nodes contributing to your network.

How are you dealing with this? Don't say 'sybilhunter', it's easy to bypass it by fairly creating relays as anyone creates them: just order the employees to lend enough VPSes in different datacenters and install Tor on them. Don't say 'it costs too much', NSA has huge budgets.

How are you dealing with this?

Child Tickets

Change History (1)

comment:1 Changed 3 years ago by teor

Resolution: duplicate
Status: newclosed

Given the asymmetrical nature of the conflict, and the disparity in funding you allude to, I'd say we're coping with it fairly well.

It's worth noting that tor relays are untrusted. And that in at least some documents, the NSA has concluded that running tor relays is a poor return on investment.

That said, there's active work on connection padding, guard rotation and vanguards going on in various tickets. Check out the last few weeks of tor-dev mailing list archives for details.

Finally, this isn't a Q&A site. Closing this ticket.

Note: See TracTickets for help on using tickets.