You said the governments can see a user's bandwidth usage and it is so bad because they can understand whether a user uses Tor for regular web surfing or uses it to upload files and... You said governments can see users' usage but not contents, but how can they find specific users if Tor hides my IP?!!!!!!

--------------------------------------------
On Sat, 11/5/16, Seth David Schoen <sch...@eff.org> wrote:

Subject: Re: [tor-talk] Please Remove Tor bridge and... from Censorship countries.
To: tor-talk@lists.torproject.org
Date: Saturday, November 5, 2016, 11:36 PM

Jason Long writes:

> Hello Tor Developers and administrators. The Tor goal is to provide secure web surfing as free and Freedom, but unfortunately some countries like Iran, China, North Korea and... launch Tor bridges for spying on users and sniff their traffic, and it is so bad and decreases Tor users and security. If the Tor Project's goal is Freedom and Anti Censorship then it must ban all bridges and servers from those countries. Please consider it and do a serious job.

Tor's approach to this issue is generally to look for ever-greater geographic diversity of servers. The Tor design assumes that there could be monitoring of servers in a particular network, but hopes that this won't be a big problem because most organizations monitoring Tor nodes can only see a part of the overall network. In that case, they can hopefully only see a part of the path that a particular user's traffic takes, so they may not know where the user is and also whom the user is communicating with (though they might know one or the other).

In this model, it's not necessarily bad to have nodes on networks that are hostile -- because the people doing the monitoring get incomplete information. At the same time, having nodes in many places can decrease how complete a picture any one network operator or government can get.

For example, suppose that the U.S. government, the Chinese government, and the Iranian government are all trying to spy on Tor users whose traffic passes through their territory, but the governments don't directly cooperate with each other. In that case, having a user use nodes in all 3 jurisdictions is probably great for anonymity because each jurisdiction to some extent protects facts about the user's activity from the other jurisdictions, and it's hard for anyone to put the whole picture together.

If people want to hide the fact that they're using Tor at all, and are using bridges for that reason, they probably should not use bridges inside their own country. But those bridges could be useful to people in other countries who aren't trying to hide from the same adversary.

If an exit node is unable to reach a lot of network resources because of censorship on the network where it's located, it should be possible to detect this through scanning and flag it as a BadExit so that clients will avoid using it in that role.

There's still a problem when network operators pool their information or when governments can monitor networks outside of their own territory. This is a practical problem for path selection and also for assessing how much privacy Tor can actually provide against a particular adversary. For instance, if the U.K. government taps enough of the world's Internet links, or trades data about Tor users with other governments, it might be able to learn a lot about a high fraction of Tor users even if they don't use nodes that are in the U.K. That could be hard to fix without adopting a different anonymity design or finding a way to prevent these taps and exchanges of data.

People have been thinking about that kind of issue quite a bit, like in

https://www.nrl.navy.mil/itd/chacs/biblio/users-get-routed-traffic-correlation-tor-realistic-adversaries

and other research projects, and to my mind the news isn't necessarily that good. But the key point is that having nodes on an unfriendly network isn't necessarily bad in itself unless that network actually sees interesting data as a result (or actively disrupts traffic in a way that doesn't get blacklisted from clients' path selection). And that can sometimes happen, but doesn't always have to happen, and people on other networks can still get a potential privacy or anticensorship benefit in the meantime.

Notice that this argument doesn't depend on saying that what governments are doing is OK, or that they don't have ill will toward the Tor network or particular Tor users. It also doesn't prove that governments will fail to monitor the network; there's a lot of uncertainty about how effective governments' capabilities in this area are.

Finally, there's an issue about identifying which nodes are secretly run by the same organizations (or secretly monitored by the same organizations!) which fail to admit it. This is a form of Sybil attack, where one entity pretends to be many different entities. If a government set up many ostensibly unrelated nodes, and clients believed they were actually unrelated, it would increase the chance that a given Tor user used several of those nodes for the same circuit, decreasing anonymity. Tor can probably do better about detecting this.

It's not certain that blacklisting countries would help much with this, because we don't know which governments are attempting this to what degrees, and because they don't have to host their nodes on IP addresses in their own jurisdiction! If the North Korean government wants to do this sort of attack, it can pay to set up a bunch of servers in France and Germany, which users and their Tor clients would think are "French" or "German" but which are effectively North Korean for surveillance purposes.

-- 
Seth Schoen <sch...@eff.org>
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org/join
815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
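The following is an added example, not part of the thread or of Tor's code: it puts numbers on the quoted message's points about non-cooperating observers, pooled observation, and a hidden operator hosting relays abroad. The relay list, the weights, the country code "XX" and the operator label "sybil" are constructed, and path selection is simplified to a weighted choice of guard and exit.

```python
from fractions import Fraction
from itertools import permutations

# Constructed relays: (nickname, hosting country, real operator, weight).
# "XX" is a hypothetical banned country; "sybil" is one hidden operator.
RELAYS = [
    ("a", "US", "volunteer", 4),
    ("b", "US", "volunteer", 2),
    ("c", "DE", "volunteer", 3),
    ("d", "FR", "volunteer", 3),
    ("e", "XX", "volunteer", 2),
    ("f", "DE", "sybil", 3),
    ("g", "FR", "sybil", 3),
]

def both_ends_seen(relays, sees):
    """Exact probability that the guard and the exit of one circuit are both
    observed by the adversary described by the predicate sees(relay).
    Simplified model: guard, then a different exit, each chosen with
    probability proportional to weight (not Tor's real algorithm)."""
    total = sum(r[3] for r in relays)
    p = Fraction(0)
    for guard, exit_ in permutations(relays, 2):
        if sees(guard) and sees(exit_):
            p += Fraction(guard[3], total) * Fraction(exit_[3], total - guard[3])
    return p

def hosted_in(*countries):
    """Adversary that monitors every relay hosted in the given countries."""
    return lambda r: r[1] in countries

def run_by(operator):
    """Adversary that secretly operates relays, wherever they are hosted."""
    return lambda r: r[2] == operator

def ban_country(relays, country):
    """Drop relays by hosting country, as a country blacklist would."""
    return [r for r in relays if r[1] != country]

if __name__ == "__main__":
    cases = {
        "US alone": (RELAYS, hosted_in("US")),
        "DE alone": (RELAYS, hosted_in("DE")),
        "US+DE pooled": (RELAYS, hosted_in("US", "DE")),
        "sybil operator": (RELAYS, run_by("sybil")),
        "sybil after banning XX": (ban_country(RELAYS, "XX"), run_by("sybil")),
    }
    for name, (relays, sees) in cases.items():
        print(f"{name:24s} {float(both_ends_seen(relays, sees)):.4f}")
```

With this constructed data the country ban removes only an honest relay, so the hidden operator's chance of holding both ends of a circuit rises from 9/170 to 1/15, while pooled observers see far more than the sum of what each sees alone.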