Comment by sigmoid10
Comment by sigmoid10 a day ago
>Surely eventually I'm going to get a hit where all three nodes in the circuit are my nodes that are logging everything?
The word "eventually" is doing a lot of heavy lifting here. Let's say you actually manage to add 1000 servers to the tor network somehow without getting detected. The network currently sits at just under 8000 nodes. For simplicity, lets also ignore that there are different types of nodes and geographical considerations and instead just ask what is the probability that someone randomly chooses three nodes that you own. The answer is less than 0.14%. If that someone decided to use 4 nodes to be extra-safe, that number goes down to 0.015%. And it decreases exponentially for every additional relay he adds. Combine this with the fact that tor nodes are actively monitored and regularly vetted for malicious behaviour[1], and these attacks become increasingly difficult. Could someone like the NSA with limitless resources do it? Quite probably, sure. But could you or any other random guy do it? Almost certainly not.
[1] https://gitlab.torproject.org/tpo/network-health/team/-/wiki...
Edit: For all the cynics and doomsayers here, consider this: Tor has been around for a long time, but there has never been an uptick in arrests that could be correlated to cracking the core anonymity service. If you look closely at the actual high profile cases where people got busted despite using tor, these people always made other mistakes that led authorities to them.
75% [0] of all Tor nodes are hosted within 14 Eyes [1] countries, so it would actually be quite trivial for the NSA to de-anonymize a Tor user.
It baffles me that Tor Browser doesn't provide an easy way to blacklist relays in those countries.
[0] Here, you can do the math yourself: https://metrics.torproject.org/rs.html#aggregate/all
[1] https://en.wikipedia.org/wiki/Five_Eyes#Fourteen_Eyes
> Edit: For all the cynics and doomsayers here, consider this: Tor has been around for a long time, but there has never been an uptick in arrests that could be correlated to cracking the core anonymity service. If you look closely at the actual high profile cases where people got busted despite using tor, these people always made other mistakes that led authorities to them.
Maybe someone, somewhere, has decided that allowing petty criminals to get away with their crimes is worth maintaining the illusion that Tor is truly private.
It's also worth noting that it's significantly easier to find the mistakes someone has made that could lead to their identity if you already know their identity.