Opened 22 months ago

Last modified 4 months ago

#18268 new enhancement

Make Tor aware of the top-30 destinations of Tor Exit traffic

Reported by: naif
Owned by:
Priority: Medium
Milestone: Tor: unspecified
Component: Core Tor/Tor
Version:
Severity: Normal
Keywords: privcount-maybe maybe-bad-idea
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor: SponsorQ-can

Description

This ticket is to make Tor aware of the top-30 destinations of Tor Exit traffic, by defining a destination such as "the aggregation of the autonomous system numbers of a specific organization".

This could require each Tor instance to have an in-memory awareness of, let's say, the first top 500 destination AS numbers to which it is sending Tor Exit traffic, aggregating them by owner (e.g. "Facebook" or "Google"), and then, with some magic privacy-aware protocol, sharing it with some measurement collection authority that elaborates the "Tor network top 30 destinations by amount of traffic", which gets authenticated by some kind of consensus and made publicly available.

The privacy impact and relevant security risk assessment must be done, understanding effectively what can be measured without harming end-users.

Change History (9)

comment:1 Changed 22 months ago by naif

Linked discussion: "A possible way to make end-users to contribute to Tor exit traffic" https://lists.torproject.org/pipermail/tor-talk/2016-February/040179.html and related tickets (Enable Exit Policy by Autonomous System Numbers #18267) and (Enable TorBrowser users to become "easy to be run" Tor Exit relay #18269)

comment:2 Changed 22 months ago by cypherpunks

Component: - Select a component → Tor

comment:3 Changed 22 months ago by cypherpunks

There is a university running exits and collecting data like

  • destinations of exit traffic (on AS and country level)
  • used protocols based on destination port (no dpi)

https://ins.jku.at/infrastructure/tor-exit-node

comment:4 Changed 16 months ago by nickm

Milestone: Tor: unspecified

comment:5 Changed 5 months ago by nickm

Keywords: privcount-maybe maybe-bad-idea added

I'm not sure this is a good idea, but if it is, perhaps privcount could make it less of a disaster.

comment:6 Changed 5 months ago by cypherpunks

What is the use-case / motivation to collect and publish this data?

comment:7 in reply to:  6 Changed 5 months ago by teor

Replying to nickm:

> I'm not sure this is a good idea, but if it is, perhaps privcount could make it less of a disaster.

We are considering doing this for PrivCount with the Alexa top 100 (or so)[0]. We would have a secure counter for each popular (top-level) hostname listed by Alexa. We would not collect any subdomains.

The final figures would be a secure, noisy aggregate of a week (or more) of multiple relays' counts. (The collection protocol is designed so that individual relay counts are never made available. No detailed logs are produced.)

As Alexa is focused on web traffic, this would only cover popular web domains. (Web is the most common protocol over most Tor exits, unless a fully open port policy is used[1].)

[0]: https://github.com/privcount/privcount/issues/179
[1]: http://www.robgjansen.com/publications/privcount-ccs2016.pdf

Replying to cypherpunks:

> What is the use-case / motivation to collect and publish this data?

It helps us work out which sites we should test in Tor Browser, how we should optimise the underlying Tor protocol, and what features are important to our users.

Also, some people are curious about what Tor is used for. So some of them perform measurements that are dangerous for users. Others guess based on their own ideas of what Tor should be used for. Having accurate, securely collected data satisfies people's curiosity without harming users or spreading misinformation.
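
A simplified sketch of how a "secure, noisy aggregate" can be built so that no single relay's count is ever visible, using additive blinding plus Gaussian noise. This is an added example, not code from this ticket or from PrivCount; the modulus, noise scale, class names and sample hostnames are assumptions.

```python
import random
import secrets

Q = 2**61 - 1  # modulus for blinded counters (assumed value)

class ShareKeeper:
    """Holds only sums of random blinding values, never traffic counts."""
    def __init__(self):
        self.sums = {}
    def receive(self, domain, share):
        self.sums[domain] = (self.sums.get(domain, 0) + share) % Q

class Relay:
    """Exit relay keeping one blinded, noised counter per watched domain."""
    def __init__(self, domains, keepers, sigma, rng):
        self.counters = {}
        for d in domains:
            blind = 0
            for k in keepers:
                share = secrets.randbelow(Q)
                k.receive(d, share)       # keeper learns only the random share
                blind += share
            noise = round(rng.gauss(0, sigma))
            self.counters[d] = (noise - blind) % Q
    def observe(self, hostname):
        # Exact match only: subdomains and unlisted hosts are not counted.
        if hostname in self.counters:
            self.counters[hostname] = (self.counters[hostname] + 1) % Q

def tally(relays, keepers, domains):
    """Sum all published values; blinding cancels, leaving counts + noise."""
    result = {}
    for d in domains:
        v = (sum(r.counters[d] for r in relays) + sum(k.sums[d] for k in keepers)) % Q
        result[d] = v - Q if v > Q // 2 else v   # back to a signed integer
    return result

def run(sigma, seed=1):
    domains = ["example.com", "example.org"]     # constructed watch list
    keepers = [ShareKeeper(), ShareKeeper()]
    rng = random.Random(seed)
    relays = [Relay(domains, keepers, sigma, rng) for _ in range(3)]
    # Constructed traffic: 7 + 5 + 2 visits to example.com, 4 to example.org.
    for relay, n in zip(relays, (7, 5, 2)):
        for _ in range(n):
            relay.observe("example.com")
        relay.observe("www.example.com")         # subdomain: ignored
    for _ in range(4):
        relays[0].observe("example.org")
    return relays, tally(relays, keepers, domains)
```

Each relay's stored counter is a uniformly random-looking value modulo `Q`; only the sum over all relays and share keepers reveals anything, and that sum already includes every relay's noise.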

comment:8 Changed 5 months ago by naif

I personally consider this kind of feature and analysis also as an opportunity to create differentiated traffic flows between "non-abuse generating" (as going to top-sites that don't cause sending of abuses) vs. "everything else", being able to route exit traffic based on abuse-generation policy.

comment:9 Changed 4 months ago by nickm

Sponsor: SponsorQ-can