Date: Sat, 19 Mar 2016 21:56:47 -0400
From: Roger Dingledine <arma@mit.edu>
To: tor-talk@lists.torproject.org
Message-ID: <20160320015647.GR8732@moria.seul.org>
References: <nci43k$3ee$1@ger.gmane.org>
 <CAJVRA1SOk_FBO7wXi_tHbFzfPdG21KK5M++45iGcv9tJ8uRs3A@mail.gmail.com>
 <20160319034044.GQ8732@moria.seul.org> <ncjbkj$tfr$1@ger.gmane.org>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <ncjbkj$tfr$1@ger.gmane.org>
User-Agent: Mutt/1.5.20 (2009-12-10)
Subject: Re: [tor-talk] Traffic shaping attack

On Sat, Mar 19, 2016 at 11:02:44AM +0000, Oskar Wendel wrote:
> Let's assume that the service is extremely popular, with over 6 terabytes 
> of traffic each day, and a gigabit port almost constantly saturated.

This assumed scenario seems extremely unlikely to be happening in
practice. First because there aren't any relays that are doing 1gbit/s
of traffic, so no onion service would be able to do that to its guard
(unless it used many entry guards and spread the load over them, in which
case it would be screwing its own anonymity). And second because the
graph at https://metrics.torproject.org/hidserv-rend-relayed-cells.html
shows there's only something like 1.4gbit/s of onion service traffic in
the whole network. And third because scalability issues in the current
design make onion services unable to keep up with the number of users
that you're describing.

So I worry that it sounds similar to the "omg they're hidden so they
must be *huge*" mistake that a lot of the media suffers from.

> This is not a theoretic attack. This is something that has been noticed
> on one of the illegal sites and I expect many busts around the globe in the
> coming weeks.

More details please? This is not a crazy possibility, but it would be good
to know exactly what evidence we have for its being true. For example,
if somebody noticed "I get a burst of cells from this onion service,
then a few seconds of silence, then I get another burst of cells",
that's actually a property of our current load balancing algorithm,
and not necessarily evidence of an intentional signal being injected
into the circuit.

--Roger
