Opened 3 years ago

Last modified 4 months ago

#19959 new enhancement

have a flag for Tor relay location, if a relay is hosted in a data center, cloud or physically secured

Reported by: adrelanos Owned by:
Priority: Medium Milestone: Tor: unspecified
Component: Core Tor/Tor Version:
Severity: Normal Keywords: needs-spec tor-relay directory easy
Cc: whonix-devel@… Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Tor relays should have a chance to express where they are hosted. Perhaps with some setting that can be set in Tor config. Similar to the NodeFamily setting. A request that depends on the good will of the relay host. (Yes, could be faked, vulnerable to sybil attacks and whatnot. Yet, useful. Similar to NodeFamily setting.)

Basically hosted,

  • in a data center or,
  • in private hosted area.

One one hand Tor relays hosted in data centers have great advantages. Some legal advantages, good uplink, good uptime and whatnot.

However, we know from the leaks, that may data centers have a backdoor and front door. So the security of these relays is under attack, since the host cannot control the security and NSL status of the data center / cloud provider.

Once such as Location flag exists, researchers that work on improved Tor routing algorithms could make use of that information.

Child Tickets

Change History (5)

comment:1 Changed 3 years ago by nickm

Milestone: Tor: unspecified

comment:2 Changed 2 years ago by nickm

Keywords: needs-spec tor-relay directory easy added

comment:3 Changed 23 months ago by aruna1234

What is that is exactly required?

comment:4 in reply to:  description ; Changed 23 months ago by irl

Replying to adrelanos:

However, we know from the leaks, that may data centers have a backdoor and front door. So the security of these relays is under attack, since the host cannot control the security and NSL status of the data center / cloud provider.

But the security of all relays (and Internet hosts) is "under attack". They all use ISPs/transit providers/etc. for their traffic and I doubt that private facilities hosting Tor relays have greater physical security than larger cloud providers (obviously exceptions may exist). A user defined flag is not going to help too much here.

Once such as Location flag exists, researchers that work on improved Tor routing algorithms could make use of that information.

This flag could already be determined, perhaps more reliably than user definition, using counts of relays per AS/netblock.

It is also important to ensure that everyone in the network is choosing from the same set of relays. Introducing a distinction between these types of relays would change the anonymity set for users to consist of only users that are using the relays in their set locations, which would be damaging to the anonymity properties of the network.

Can you give an example of an attack that would be prevented or mitigated by this flag?

comment:5 in reply to:  4 Changed 4 months ago by cypherpunks

Replying to adrelanos:
this "flag" could be deployed as contactinfo param:

https://github.com/nusenu/ContactInfo-Information-Sharing-Specification

Note: See TracTickets for help on using tickets.