Date: Mon, 6 Oct 2014 17:06:59 -0700
From: Seth David Schoen <schoen@eff.org>
To: tor-talk@lists.torproject.org
Message-ID: <20141007000658.GI10735@sescenties.(null)>
References: <N1-fSah43VDuP@Safe-mail.net>
 <54331857.1040204@riseup.net>
Subject: Re: [tor-talk] isp monitoring tor

Mirimir writes:

> Tor is vulnerable to two general sorts of attacks. One involves the use
> of malicious relays in various ways to deanonymize circuits. The other
> involves the use of traffic analysis to correlate traffic captured at
> edges of the Tor network (to users and the websites that they access).
> 
> With ISPs, there's the risk that some organization can monitor traffic
> on both ends. It's common to characterize such organizations as "global
> passive adversaries". However, a single ISP (or a firm owning multiple
> ISPs) could do that, if it provides service to both users and websites.
> Also, users who access websites in their own nation via Tor are
> similarly vulnerable to their government.

To expand on this theme, there are several traffic attacks that don't
require an adversary to be truly "global".  Creating a popular relay in
the hope that users who are interesting to you will route through it is a
pretty cheap and powerful attack (and one that motivated the creation of
guard nodes).  And there can be timing attacks just based on (sometimes
rather coarse-grained) knowledge of when a particular anonymous user was
active, which might even come from chat or server logs rather than from
monitoring live network traffic, so long as the attacker does have the
ability to monitor the first hop.

I've taken to saying "someone who can observe both ends" most of the time
instead of "the global adversary".  (I think the Tor developers often say
this too; the global adversary is just someone who can _almost always_
observe both ends.)  A kind of challenging wrinkle is that there are
a lot of conceivable ways that someone could "observe" one end of the
connection.  One sometimes underappreciated way is that someone else who
was observing it at the time of the communication, including a party to
the communication or a server operator, could tell the adversary about
it later.

-- 
Seth Schoen  <schoen@eff.org>
Senior Staff Technologist                       https://www.eff.org/
Electronic Frontier Foundation                  https://www.eff.org/join
815 Eddy Street, San Francisco, CA  94109       +1 415 436 9333 x107
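
The coarse-grained timing point in the message above, modelled as an added example (not part of the original e-mail): it measures how the set of first-hop subscribers consistent with a pseudonym's logged activity shrinks with each observation. All data, subscriber labels, and function names are constructed for illustration.

```python
from typing import Dict, List, Set, Tuple

Interval = Tuple[int, int]  # (start_minute, end_minute) of a first-hop Tor connection

# Constructed sample: Tor connection windows per subscriber, as visible at the first hop.
SESSIONS: Dict[str, List[Interval]] = {
    "sub-A": [(0, 120), (600, 700), (1500, 1560)],
    "sub-B": [(30, 90), (610, 640)],
    "sub-C": [(50, 70), (1490, 1530)],
    "sub-D": [(0, 2000)],  # client that stays connected the whole time
    "sub-E": [(900, 1000)],
}

# Constructed sample: minutes at which one pseudonym was active, e.g. taken
# from chat or server logs rather than from live traffic monitoring.
EVENTS: List[int] = [60, 620, 1510]


def online_near(intervals: List[Interval], t: int, slack: int) -> bool:
    """True if any connection window covers time t, allowing +/- slack minutes
    of uncertainty (the coarseness of the log timestamps)."""
    return any(start - slack <= t <= end + slack for start, end in intervals)


def candidates_after_each(sessions: Dict[str, List[Interval]],
                          events: List[int], slack: int) -> List[Set[str]]:
    """Return the set of still-consistent subscribers after each logged event.
    A subscriber is dropped once it was offline at a time the pseudonym was active."""
    remaining = set(sessions)
    history: List[Set[str]] = []
    for t in events:
        remaining = {s for s in remaining if online_near(sessions[s], t, slack)}
        history.append(set(remaining))
    return history


if __name__ == "__main__":
    for slack in (15, 600):
        sizes = [len(c) for c in candidates_after_each(SESSIONS, EVENTS, slack)]
        print(f"slack={slack:>3} min -> candidate set sizes {sizes}")
```

In this constructed sample, three log entries with 15-minute precision leave two of five subscribers, and the always-connected client is never excluded by timing alone.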