Delivery-Date: Thu, 28 Aug 2014 15:59:31 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.7 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_MED,RP_MATCHES_RCVD,T_DKIM_INVALID autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 281A61E0941;
	Thu, 28 Aug 2014 15:59:30 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 924B330A7D;
	Thu, 28 Aug 2014 19:59:25 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 6837030A7E
 for <tor-talk@lists.torproject.org>; Thu, 28 Aug 2014 19:59:22 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at eugeni.torproject.org
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id iFbQ8eEm1eFo for <tor-talk@lists.torproject.org>;
 Thu, 28 Aug 2014 19:59:22 +0000 (UTC)
Received: from mail2.eff.org (mail2.eff.org [173.239.79.204])
 (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits))
 (Client did not present a certificate)
 by eugeni.torproject.org (Postfix) with ESMTPS id 42A9D30A7D
 for <tor-talk@lists.torproject.org>; Thu, 28 Aug 2014 19:59:19 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=eff.org;
 s=mail2; 
 h=In-Reply-To:Content-Type:MIME-Version:References:Message-ID:Subject:To:From:Date;
 bh=epgx9DutDe0IUxPwF7kpTGQkr59mDe0u4WDOsRTXsvI=; 
 b=eY4RhiyMJNVtOTcQ5DfLjK2q8OLFasS6VAvOOh8hzFp1t8Z7vNjIsJkcj1pqdxKTYmNC834aK8x5DnaZLD/9iBPgruahnrnYzS/zFpu6UBhVZ8WgRlLQ1OPgh9fFyQHhzuE5AQlBqtIRnnX0+UJw7VjN187nMK9VupJxPvNf1SM=;
Received: ; Thu, 28 Aug 2014 12:59:16 -0700
Date: Thu, 28 Aug 2014 12:59:16 -0700
From: Seth David Schoen <schoen@eff.org>
To: tor-talk@lists.torproject.org
Message-ID: <20140828195916.GL17784@mail2.eff.org>
References: <20140828184330.A012340E91@mail.unseen.is>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <20140828184330.A012340E91@mail.unseen.is>
User-Agent: Mutt/1.5.21 (2010-09-15)
Subject: Re: [tor-talk] I have a quick question about security of tor with 3
 nodes
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

John Doe writes:

> How can I set the number of relays in the configuration file? Also can you explain why 3 is enough? I hear things of analysis being able to track people trough the various relays they use. This worries me some. Care to help me understand?

https://www.torproject.org/docs/faq.html.en#ChoosePathLength

The link there to the threat model discussion is broken.  A link that
works is

https://svn.torproject.org/svn/projects/design-paper/tor-design.html#subsec:threat-model

Historically, this is one of the most common questions about Tor.

There's evidence that some people have successfully deanonymized some Tor
users, but I don't know of evidence that this has been done by tracing
each individual hop of the path (tracing the users "through" each relay
in turn) or that there's a case where that would be the easiest way to
deanonymize a user.

I guess it's possible that that would be the easiest way if _all three_
relays are malicious and are working together; the problem with trying to
add more relays as a response to that is that the Tor design has assumed,
seemingly correctly, that having just a malicious entry and exit relay
that are working together is enough to deanonymous a user in practice.
Adding more middle relays can't affect the probability of that situation.

-- 
Seth Schoen  <schoen@eff.org>
Senior Staff Technologist                       https://www.eff.org/
Electronic Frontier Foundation                  https://www.eff.org/join
815 Eddy Street, San Francisco, CA  94109       +1 415 436 9333 x107
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

