alasdair_ · a year ago
Here is what I don't understand: Let's say I as a private individual fund 1000 tor nodes (guard and exit nodes included) and have them all log everything. This could cost less than $5000 for a month, with some time needed to get guard node status.

I want to find a certain kind of person so I look for people that access a specific hidden service or clearnet url.

Surely eventually I'm going to get a hit where all three nodes in the circuit are my nodes that are logging everything? It will take a long time, and I can't target a specific person, but eventually I can find someone who has all three bounces through tor nodes I control, no?

bragr · a year ago
>This could cost less than $5000 for a month

I ran a bunch of nodes for a couple years and that's optimistic by perhaps an order of magnitude. No $5 a month VPS provides enough bandwidth to sustain the monthly traffic of a Tor node, and nodes need to be continuously online and serving traffic for about 2-3 months[1] before they will be promoted to guard relays. Throttling traffic to stay in your bandwidth allocation will just get you marked as a slow node and limit the number of connections you get. Sustaining just 1 Mbps will blow your monthly transfer allocation on the cheap tiers of either Digital Ocean or Linode.

[1] https://blog.torproject.org/lifecycle-of-a-new-relay/

belorn · a year ago
Now to add additional problems. 1000 tor nodes on a single platform would be very noticeable and geographically limited. Platforms also have different weight attached to them in the consensus, which adds further time requirements before a node is promoted. The developers do not want a single platform provider to be able to observe a large portion of all the traffic, so there are counter measures.

The attacker could try to create a handful of accounts on hundreds of platforms in as many countries as possible, assuming one verifies that the platforms accept Tor and do not share underlying providers and data centers. The cost would then be the average price of said providers, which is going to be a fair bit more than the cheapest providers out there. Managing and spreading them out is also going to cost a lot of man hours. Also the secops need to be fairly on point and need to be maintained quite strictly across all the providers.

sigmoid10 · a year ago
>Surely eventually I'm going to get a hit where all three nodes in the circuit are my nodes that are logging everything?

The word "eventually" is doing a lot of heavy lifting here. Let's say you actually manage to add 1000 servers to the tor network somehow without getting detected. The network currently sits at just under 8000 nodes. For simplicity, let's also ignore that there are different types of nodes and geographical considerations and instead just ask what is the probability that someone randomly chooses three nodes that you own. The answer is less than 0.14%. If that someone decided to use 4 nodes to be extra-safe, that number goes down to 0.015%. And it decreases exponentially for every additional relay he adds. Combine this with the fact that tor nodes are actively monitored and regularly vetted for malicious behaviour[1], and these attacks become increasingly difficult. Could someone like the NSA with limitless resources do it? Quite probably, sure. But could you or any other random guy do it? Almost certainly not.

[1] https://gitlab.torproject.org/tpo/network-health/team/-/wiki...

Edit: For all the cynics and doomsayers here, consider this: Tor has been around for a long time, but there has never been an uptick in arrests that could be correlated to cracking the core anonymity service. If you look closely at the actual high profile cases where people got busted despite using tor, these people always made other mistakes that led authorities to them.

londons_explore · a year ago
You only need to control the entry and exit node - since you know the next and previous hop for all traffic you touch, and default chains are 3 long. With circuits changing every 10 mins, within a few days you would have deanonymized at least some percentage of traffic for nearly every user.

I'd call tor broken against any adversary with a little technical skill and willingness to spend $5000.

I'm 80% sure Tor is designed as a US supported project to focus those needing anonymity into a service only governments with global security apparatus (who can grab a good chunk of internet traffic) can access.
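
The arithmetic behind sigmoid10's "all three nodes" estimate and londons_explore's "entry and exit are enough, and within a few days nearly every user" claim, carried through as an added example. This is not code from the thread or from the Tor Project. It assumes uniform relay selection (no bandwidth weights, flags or family rules), the thread's figures of roughly 8000 relays with 1000 of them adversarial, one fresh circuit every 10 minutes, and it models Tor's entry-guard design as the assumption that a client keeps a single entry relay for the whole observation period. The point it makes concrete: if the entry were redrawn per circuit, the two-ends case would compound to near certainty over a few days; with a pinned guard it collapses to a fixed fraction of clients who are exposed almost immediately while the rest are never exposed to this particular adversary.

```python
"""Added example, not from the thread or the Tor Project: relay-fraction
arithmetic for a 3-hop circuit, with and without a long-lived entry guard.

Assumptions (all simplifications): relays are chosen uniformly at random,
ignoring bandwidth weights, flags and family rules; 8000 relays, 1000 of
them run by one adversary; one new circuit every 10 minutes; with guard
pinning the client keeps one entry relay for the whole period."""

from dataclasses import dataclass


@dataclass(frozen=True)
class RelayPool:
    total: int       # relays in the consensus (thread: just under 8000)
    adversary: int   # relays run and logged by one adversary (thread: 1000)

    def p_entry(self) -> float:
        """Probability that a randomly chosen entry relay is adversarial."""
        return self.adversary / self.total

    def p_exit_given_bad_entry(self) -> float:
        """Exit drawn from the remaining relays; one adversary relay is used up."""
        return (self.adversary - 1) / (self.total - 1)

    def p_all_hops(self, hops: int = 3) -> float:
        """Every hop adversarial, drawing distinct relays without replacement
        (alasdair_'s 'all three nodes in the circuit are mine' case)."""
        p = 1.0
        for i in range(hops):
            p *= (self.adversary - i) / (self.total - i)
        return p


def circuits_in(days: float, minutes_per_circuit: int = 10) -> int:
    """Circuits a client builds in `days` at one per `minutes_per_circuit`."""
    return int(days * 24 * 60) // minutes_per_circuit


def p_both_ends_seen(pool: RelayPool, circuits: int, pinned_guard: bool) -> float:
    """Probability that at least one of `circuits` circuits has an adversarial
    entry AND exit, which is what an end-to-end correlation needs.

    pinned_guard=False: a fresh entry per circuit, so the trials accumulate
    and almost every client is exposed eventually.
    pinned_guard=True: the entry is drawn once; a client with an honest guard
    is never exposed to this adversary, one with a bad guard is exposed fast."""
    p_exit = pool.p_exit_given_bad_entry()
    if pinned_guard:
        return pool.p_entry() * (1 - (1 - p_exit) ** circuits)
    p_circuit = pool.p_entry() * p_exit
    return 1 - (1 - p_circuit) ** circuits


if __name__ == "__main__":
    pool = RelayPool(total=8000, adversary=1000)
    print(f"all 3 hops adversarial, one circuit: {pool.p_all_hops():.3%}")
    print(f"all 4 hops adversarial, one circuit: {pool.p_all_hops(4):.4%}")
    for days in (1, 3, 30):
        k = circuits_in(days)
        print(f"{days:>2} days ({k:>4} circuits): "
              f"entry redrawn per circuit {p_both_ends_seen(pool, k, False):.1%}, "
              f"pinned guard {p_both_ends_seen(pool, k, True):.1%}")
```

Run it and the two models diverge exactly where the thread disagrees: after three days of 10-minute circuits the redrawn-entry model passes 99%, while the pinned-guard model stays at the 12.5% of clients whose one guard happens to be adversarial and never climbs above it. Real selection is bandwidth-weighted and onion-service circuits have no exit at all, so these are shapes of the argument rather than numbers about the live network.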

EmilyHughes · a year ago
This came out yesterday: https://www.youtube.com/watch?v=Gs0-8ZwZgwI

Apparently in Germany they caught a pedo like that. Watching certain nodes and the sizes of files that are sent between them to identify the admin of a pedophile image sharing forum. It took them 1 1/2 years to identify the specific person, but they got him.

Considering this I would imagine it's pretty safe for the average user since they have to specifically target you for a long time, however it seems like with enough effort it's possible to identify someone even without clearnet slip-ups, as was the case with Silk Road.

Once they have your address they will just storm your house and catch you on the computer, then you are done for.

prisenco · a year ago
Using Tor, like all security and privacy tools, must be balanced against what it is being used for. We will always live in a world of limited resources for policing, and systems of privacy work by increasing the difficulty and cost to deanonymize someone. They don't have to be perfect, they just have to be expensive.

If you want basic anonymity while researching someone powerful or accessing information, it's extremely unlikely anyone is going to go the lengths people are bringing up here as a way to compromise Tor. The intersection of expertise, funding and time required is too great for such a low value target.

If you're an international terrorist leader wanted in multiple countries, a prolific criminal, or enemy #1 of an authoritarian state though? Those who can go to those lengths absolutely will go to those lengths.

gaba · a year ago
Tor Project has a team that looks at relays and checks if relays are engaging in bad practices or any suspicious activity like a lot of nodes run by one operator.

https://community.torproject.org/relay/governance/

scraptor · a year ago
If your nodes disclose their affiliation that's fine but the client will avoid using multiple. If you try to do this in secret the tor project will attempt to catch you by looking for suspicious nodes that use the same isp and update their tor version at the same time and things like that, to questionable success.

jeffbee · a year ago
This attack is quite practical. In 2007 I controlled a huge chunk of Tor traffic from 2 racks of cheap servers in a basement on Folsom Street in SF. It was easy to arrange and nobody noticed. Yeah those were early days for Tor but I don't think scale changes anything. If you're using Tor because you think it is private, you have fooled yourself.
construct0 · a year ago
Yes, there aren’t that many tor nodes. It’s not the safe haven protocol or transport suite people make it out to be.

ObsidianBreaks · a year ago
I wholeheartedly agree, the 'dragnet' methodology is already documented and well-known and that should factor into your security assessments.
donmcronald · a year ago
> Surely eventually I'm going to get a hit where all three nodes in the circuit are my nodes that are logging everything?

If you're looking for static assets, why would you need to see the whole chain? Wouldn't a connection to a known website (page) have a similar fingerprint even if you wrap it in 3 layers of encryption? Does Tor coalesce HTTP queries or something to avoid having someone fingerprint connections based on the number of HTTP requests and the relative latency of each request?

I've always assumed that, if a global adversary attack works, you'd only need to watch one side if you're looking for connections to known static content.

I don't know much beyond the high level idea of how Tor works, so I could be totally wrong.

jiveturkey · a year ago
It'd be ten times that cost, easily. You have to buy data volume.

Also since you aren't targeting specific people, rather specific interests, it'd be easier to set up an irresistible site serving content of the vice of interest. It can even be a thin wrapper on existing sites. Do you only need to control entry nodes in that case? You'll return user-identifying data in headers or steganographically encoded in images and since you control the entry node you can decrypt it. It doesn't work for a normal (unaffiliated) entry node but since your entry node is in collusion with the server I think this works.

MagicMoonlight · a year ago
Yes it’s 100% going to be compromised if you are an enemy of the US government.

The primary purpose of tor is for their own use, which is why they have developed and funded it. So the underlying principle is secure, but they’ll definitely be paying for enough of the nodes to compromise it for you.

voldacar · a year ago
With v3 hidden services, relays can no longer see the plaintext of the hidden service's url.
plorg · a year ago
You didn't think someone would notice if the Tor network has 1000 new nodes set up similarly? Or, I suppose, if you find enough heterogenous people and pay them to log their nodes, you're not going to get noticed?
cookiengineer · a year ago
The issue that Tor has is that it's a layered routing concept that won't respect ASN based spreading/scattering of traffic.

Circuits are temporary but the traffic is not scattered across the network to make MITM fingerprinting of request/payload sizes/timestamps impossible.

A typical MITM like the FBI surveillance van next door can identify you by observing the network packets and by _when_ they were requested and by _how large_ the payloads were. There was a famous court case where this was enough evidence to identify a user of an onion service, without the FBI having access to the Wi-Fi of the user. But they had access to the exit node logs that were encrypted, the pcap logs to the onion service from that exit node, and the encrypted Wi-Fi packets of the user.

(Also TLS lower than 1.3 and SNI related problems are relevant here, because DNS TTL 0 effectively makes everyone's privacy compromised, shame on you if you set a DNS TTL to 0)

My point is that with more randomized hops across the network and across ASNs it would be less likely that a threat actor can control both guard and exit nodes.

(Assuming that they parse RIR datasets to map organizations across ASNs, which the datasets already provide)

instagib · a year ago
They have systems in place to eliminate large nodes coming online at the same time. There is some discussion about it in the blog post comments.
taneq · a year ago
If you thought of this in 10 minutes (or 6 months, or...) as one smart individual, I'd assume any government of any country you've heard of has been doing this for a while.
giantg2 · a year ago
Wasn't there a thing years ago where the NSA only needed 2 out of the 3 nodes if they got the right ones? Not sure if that was fixed with guard nodes or is still a thing.
edm0nd · a year ago
Your 1000 Tor nodes would quickly be detected as bad relays and be removed from the network. It would also cost you far more than $5,000 a month.
UniverseHacker · a year ago
The skilled labor to set that all up, especially in a way that Tor won't notice and shut you down will be worth much much more than $5k.

People that have such a sophisticated and resourced team actively hunting them down, likely know about it, and are using many additional layers of security on top of Tor. Even just for personal use out of curiosity to "see what the darkweb is," I used 1-2 additional methods on top of Tor.

jrochkind1 · a year ago
I think so.

And of course for a state-level actor, they can afford a couple orders of magnitude more spend prob too.

Refusing23 · a year ago
But the more who use it and/or host tor nodes...
roetlich · a year ago
For context, here's the NDR report: https://www.ndr.de/fernsehen/sendungen/panorama/aktuell/Inve...

And more info here: https://lists.torproject.org/pipermail/tor-relays/2024-Septe...

Edit: The NDR alleges a timing attack (no further explanation) that allows "to identify so-called ‘entry servers’". Very little information is actually available on the nature of the attack. The NDR claims this method has already led to an arrest.

LinuxBender · a year ago
Might one mitigating possibility be to use a VPN that uses padded and rate limited packets, so that it is always sending and receiving user_defined bit rate and your real traffic would be traffic shaped to take priority but not exceed the padded streams? Maybe this assumes one is running their own tor daemon on a server somewhere and the vpn terminates on that node. I assume this could be done with tc sch_htb class shaping or perhaps sch_cake and tagging packets with iptables mangle rules and two never-ending bi-directional rsync streams reading /dev/urandom or big random files.

e.g.

    Port 873 (native rsync) bulk traffic, low priority
    Port 3128 (squid mitm ssl-bump proxy) high priority
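
The attack cookiengineer describes (an observer next to the user and a pcap next to the service, compared only on when traffic flowed and how much, with no payload read) and the constant-rate padded link LinuxBender asks about, as one added example. This is not code from the thread or from the Tor Project, and it is not a tc/iptables configuration: the padding model is just the idea in the comment (fixed cell size, fixed interval, real bytes take the slot first, filler otherwise). All traces are constructed here, and the correlation is a plain bytes-per-window comparison searched over a few bins of lag to absorb unknown latency, which is also the kind of signal donmcronald's one-sided "known static content" question would have to rest on.

```python
"""Added example, not from the thread or the Tor Project: a toy end-to-end
traffic-correlation attack (timing and volume only, never payload) and a
constant-rate padding defence. Every trace is constructed; times are int ms."""

import random
from statistics import mean

CELL = 512  # fixed-size cells as in Tor's design; the exact size is irrelevant here


def bursty_trace(rng, bursts=12, span_ms=60_000):
    """Constructed client-side view of one session: bursts of cells at
    irregular times, 5 ms apart within a burst."""
    trace = []
    for _ in range(bursts):
        start = rng.randrange(0, span_ms)
        trace.extend((start + 5 * k, CELL) for k in range(rng.randrange(3, 40)))
    return sorted(trace)


def server_view(client_trace, rng, latency_ms=800, jitter_ms=20):
    """What the far-end observer (pcap in front of the service) sees: the
    same cells, later and slightly jittered by the path."""
    return sorted((t + latency_ms + rng.randint(-jitter_ms, jitter_ms), size)
                  for t, size in client_trace)


def bin_volume(trace, window_ms, n_bins):
    """Bytes per fixed window: what an encrypted link leaks to a passive tap."""
    bins = [0] * n_bins
    for t, size in trace:
        if 0 <= t // window_ms < n_bins:
            bins[t // window_ms] += size
    return bins


def pearson(xs, ys):
    mx, my = mean(xs), mean(ys)
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return 0.0 if vx == 0 or vy == 0 else cov / (vx * vy) ** 0.5


def correlate(near_trace, far_trace, window_ms=200, max_lag_bins=6):
    """Best correlation of the two volume profiles over a few bins of lag,
    so the unknown one-way latency between vantage points is absorbed."""
    n = max(t for t, _ in near_trace + far_trace) // window_ms + 1
    a = bin_volume(near_trace, window_ms, n)
    b = bin_volume(far_trace, window_ms, n)
    return max(pearson(a[:n - lag], b[lag:]) for lag in range(max_lag_bins + 1))


def rank_candidates(far_trace, candidates):
    """Which of several users seen at the near tap matches the far-end trace?"""
    return sorted(((correlate(c, far_trace), name) for name, c in candidates.items()),
                  reverse=True)


def pad_constant_rate(trace, horizon_ms, cell=CELL, interval_ms=20):
    """Constant-rate link: exactly one cell every interval, real bytes first
    (shaped, never exceeding the rate), filler for the rest. Returns the
    trace an outside observer sees and the real bytes still queued at the
    horizon; non-zero means the chosen rate was too low for the traffic."""
    pending, idx, backlog, out = sorted(trace), 0, 0, []
    for t in range(0, horizon_ms, interval_ms):
        while idx < len(pending) and pending[idx][0] <= t:
            backlog += pending[idx][1]
            idx += 1
        backlog = max(0, backlog - cell)  # real data takes the slot first
        out.append((t, cell))              # the wire sees one cell either way
    return out, backlog + sum(size for _, size in pending[idx:])


def demo(seed=1):
    rng = random.Random(seed)
    users = {name: bursty_trace(rng) for name in ("alice", "bob", "carol")}
    far = server_view(users["bob"], rng)          # bob is the real visitor
    ranking = rank_candidates(far, users)
    padded, leftover = pad_constant_rate(users["bob"], horizon_ms=70_000)
    return ranking, correlate(padded, far), leftover


if __name__ == "__main__":
    ranking, padded_r, leftover = demo()
    for r, name in ranking:
        print(f"{name:>6}: r = {r:.2f}")
    print(f"bob behind constant-rate padding: r = {padded_r:.2f}, backlog {leftover} B")
```

Nothing here decrypts anything, yet the ranking picks the real visitor out of three candidates; behind the constant-rate link the near-side profile is flat and the correlation drops to zero. The price is the full padded bandwidth at all times plus queueing delay when real traffic bursts, and the returned backlog is the check that the chosen rate actually covers the traffic. As LinuxBender's comment itself notes, this only hides what passes between the user and wherever the padded link terminates; traffic leaving that node for the Tor network is observable again.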

trustno2 · a year ago
Also relevant - wikipedia for Boystown, the pedo site in question

https://en.wikipedia.org/wiki/Boystown_(website)

cubefox · a year ago
This should be the article linked at the top.

flufluflufluffy · a year ago
As knowledgeable users of the Internet in 2024, we would do well to assume that nothing is 100% “safe” (I.e. there’s no such thing as perfect security/privacy).

However, some things, like Tor, can make your use of the Internet safer.

If all you’re doing is arguing that Tor shouldn’t be used because it isn’t/was never “safe”, then you might as well not use the Internet at all.

toby- · a year ago
Agreed – you can never truly be completely "safe", but Tor remains the most privacy-preserving tool we've got.

When people say they're distrustful of Tor (for various reasons) to the extent they refuse to use it, they seldom suggest alternative tools/measures that provide anywhere near the level of safety offered by Tor.

glenstein · a year ago
>If all you’re doing is arguing that Tor shouldn’t be used because it isn’t/was never “safe”, then you might as well not use the Internet at all.

Exactly, and this same form of spurious argument came up in an hn post yesterday about cavity prevention, centering on an argument that a new advance in cavity treatment "cannot guarantee" to end cavities forever. [0]

I feel as though I've never been fooled by these arguments, although surely I have different types of weaknesses that are unique to me. But it seems to stand out as a form of argument that somehow has persuasive power among intelligent types whom I would never expect to fall for other forms of obviously fallacious arguments.

0. https://news.ycombinator.com/item?id=41573550

jandrese · a year ago
I wish the people back in the 90s understood this when trying to set up encrypted email.

kreims · a year ago
Well, for the sake of clarity I would say Tor is safer only if it’s not a honey trap. That is not knowable as a user, but I think that suspicion is well-deserved.

I think the Middle East gave us a very clear example of how state actors may target channels in unexpected ways.

halJordan · a year ago
This misses the point, the user in question was fully deanonymized. This blog post is saying that those successful techniques are no longer usable.

It's entirely appropriate to pursue a defense in depth strategy while questioning any particular layer.

friendzis · a year ago
But that's half the point. If someone has an intention to undergo some illegal activities with full intention not to be caught, only 100% "safe" solution works for them. Normally we talk about risk tolerance, but this particular use case is a bit special.

haolez · a year ago
Here is an awesome DefCon talk about this topic from the perspective of a darknet vendor. It's amazing:

https://youtu.be/01oeaBb85Xc

alecco · a year ago
Nice presentation. Ironically the ?si= parameter is for tracking. You should remove it.

burningChrome · a year ago
I remember Adrian Crenshaw doing a speech at Def Con 22 about how people got busted using Tor. Even then he pointed out that in most of the cases, it was bad OpSec by the person, and had nothing to do with Tor.

How applicable do people think this information is now 9-10 years later?

DEF CON 22 - Adrian Crenshaw- Dropping Docs on Darknets: How People Got Caught https://www.youtube.com/watch?v=eQ2OZKitRwc

Vicinity9635 · a year ago
Yup, that's how they got Ross Ulbricht.

Idiot used "rossulbricht at gmail dot com" under the same username he advertised silk road.

Timestamp link about Ross: https://www.youtube.com/watch?v=eQ2OZKitRwc&t=2080s

oytis · a year ago
Don't quite get it - why doesn't CCC share information with the Tor Project maintainers?
some_random · a year ago
I suspect that the reporter has a bone to pick with Tor and the CCC members that were given the documents were compelled legally or socially to not share them further.
cubefox · a year ago
The information comes from the NDR (link in neighboring thread), not the CCC. The CCC only got to see the documents via the NDR.
notepad0x90 · a year ago
Maybe they want to reveal it on the CCC in december?

solarpunk · a year ago
curious about this as well
valianteffort · a year ago
Federal agencies operate enough exit nodes to make Tor use risky at best. I have no idea if they have since implemented some feature to prevent this but if not I would stay far away from Tor if you're planning to do illegal things. There's also the risk of trusting service operators to secure any PII you expose on marketplaces.

Not that I think the Feds would blow their cover to hunt down people buying drugs but still seems stupid to trust.

system33- · a year ago
“The western governments run most of the exits” is one of those things everybody “knows” but rarely backs up.

The list of all relays is public knowledge by design. There’s contact information attached to relays. The big operators are known individuals and organizations. They contribute. Interact.

Which ones are actually the governments doing bad things against their citizens? It’s hard to tell? Then why do you make such claims?

Relays that observably do bad things are removed from the network all the time. Are those ones the government? Tor seemingly has a reasonable handle on the situation if that’s the case.

If the fed is doing correlation attacks, why would they run relays at all? “Just” tap the IXPs near major hubs of relays. Or heck, get data from the taps you already had. Silent and more widespread.

Pushing people away from tor potentially makes it even easier to deanonymize them, depending on the adversary model assumed.

LouisSayers · a year ago
You'd be surprised how much crime goes on in plain sight. There are literally people on Instagram making stories of themselves showing off their drugs and stacks of money.

Given that a lot of law enforcement doesn't even bother with the low hanging crimes, the chance of them prosecuting anyone using Tor is extremely low unless you get big enough or go far enough to warrant the attention.

0xggus · a year ago
Please read the blog post: "It is important to note that Onion Services are only accessible from within the Tor network, which is why the discussion of exit nodes is irrelevant in this case."
midtake · a year ago
Monitoring exit nodes does not necessarily reveal hidden services, though.

Edit: Never does, exit nodes are not part of the circuit, thanks to commenter below.

drexlspivey · a year ago
If they run just the exit node they still can’t de-anonymize you right?

pc86 · a year ago
This brings up a couple questions I've always had about Tor. I played around with it a bit maybe a decade ago and it seemed it was used for drugs, CSAM, and getting yourself honeypotted trying to buy illegal guns or murder-for-hire.

I always assumed if you were doing things where your threat model included governments trying to kill you that Tor wouldn't be all that useful even if it was secure.

hannasm · a year ago
If enough governmental bodies can get behind running Tor nodes then couldn't we theoretically protect the bulk of humanity from spying on Internet access? Truly an advance in the Internet technology. It's kind of like if a single nation does it they control everything, but once all the nations compete then everyone wins.

But at planetary scale would Tor scale in an environmentally friendly way?

perlgeek · a year ago
Most governments value their law enforcement obligations and/or desire for surveillance more strongly than an Internet that is protected from spying, so good luck with that.
