Comment by panarky

Comment by panarky a day ago

7 replies

View on Hacker News

> what is the probability that someone randomly chooses three nodes that you own. The answer is less than 0.14%.

You calculated the probability that a specific person randomly chooses three nodes of the 1,000.

But that's not the scenario you're responding to.

>> I can't target a specific person, but eventually I can find someone who has all three bounces through tor nodes I control

Tor estimates that 2.5 million people use the network per day.

Let's assume that in a month, 10 million people use it.

Let's also assume that 80% of monthly users are not committing crimes, while the 20% who are criminals make an average of four Tor connections per month.

With those assumptions we could expect a malicious operator who controls 1,000 nodes could capture the sessions of 10,940 criminals in a given month.

Spending less than fifty cents per suspect is less than trivial.

ClumsyPilot a day ago

> could capture the sessions of 10,940 criminals in a given month

Let’s say to do that, and now you have found 10k people accessing pirate bay in countries where it is blocked.

Also you captured someone who lives in Siberia and watches illegal porn, now what?

Many of these will not be actionable, like not criminals you would have interest in.

Reply View 4 replies
  • panarky a day ago

    An autocratic regime of a large nation locks up its critics and other undesirables in camps.

    100,000 activists who haven't been caught yet switch to Tor for anonymity.

    For $60,000, the regime monitors Tor for a year, identifies 6,500 activists, and marches them off to the camps.

    And by discrediting Tor the regime pushes the other 93,500 activists even farther underground, constraining their ability to recruit, limiting their ability to coordinate with each other, and reducing what they can publish about what's happening to their country.

    Reply View 3 replies
    • [removed] 14 hours ago
      [deleted]
      Reply View 0 replies
    • hkt a day ago

      > reducing what they can publish about what's happening to their country.

      To what audience? It isn't quite what you're getting at in your post but this is worth saying: graffiti, zines, contact with journalists, radio operations like pirate radio, all of it is much more established and less uncertain in risk profile than being online. Crucially it may also be more effective.

      Reply View 0 replies
    • [removed] a day ago
      [deleted]
      Reply View 0 replies
Eisenstein a day ago

> could capture the sessions of 10,940 criminals

What does that mean? The way I understand it you would be getting traffic correlations -- which means an IP that requested traffic from another IP and got that traffic back in a certain time period. What does that tell you, exactly, about the criminal? If you aren't looking for a specific person, how would you even know they are doing crimes?

Reply View 1 reply
  • panarky a day ago

    Activists fighting an autocratic regime use a large social media site to recruit, coordinate and publish so they can reach the broadest number of people possible.

    The billionaire owner of the site supports the strongman leader and provides IP addresses for those who post wrongthink on his platform.

    Now the regime can link social media activity of anonymous activists to their real IP addresses, devices and locations.

    Reply View 0 replies