Congestion Control Arrives in Tor 0.4.7-stable (opens in new tab)

(blog.torproject.org)

149 pointshaakon4y ago24 comments

24 comments

14 comments · 3 top-level

wincy4y ago· 7 in thread

Isn’t Tor at this point widely suspected to be compromised by state actors? Aren’t people who use Tor for nefarious purposes arrested regularly these days?

ajvs4y ago

People arrested for their darknet activities have always had OPSEC failures that out them like reusing known email addresses or usernames.

Being deanonymised during normal Tor browsing is extremely difficult and I'd challenge you to post cases where Tor itself lead to it.

orbital-decay4y ago

Just curious: does Tor have anything against timing analysis by an actor with state-level resources? My impression is it's extremely hard to defend against in general, and it's employed by governments against both .onion servers and users browsing the clearnet (although I don't have concrete evidence). AFAIK some sites in .onion get DDoSed on and off routinely, possibly to locate the origin of the server.

uluyol4y ago

There has been plenty of work on how to de-anonymize Tor users over the years, e.g., see https://www.cs.princeton.edu/~jrex/papers/usenixsec15.pdf.

There's no doubt in my mind that state actors have been putting similar techniques to use.

1 more reply

greggsy4y ago

The application is open sourced [1], and it gets a lot of attention from all manner of people, ranging from nation states (both ‘good’ and ‘bad’ guys, depending on what you’re using it for and from where) and activist researchers.

It’s almost certain that some state has an application exploit sitting on a shelf somewhere, which might only be useful in some extremely niche use case, but it’s unlikely that it’s routinely ‘compromised’ in the way that sensationalised media might put it.

What’s more likely is that an exit node has been owned, or is actually operated by some nation state. Even then, you might not even see the actually traffic if it has been re-routed.

The most likely scenario is an OPSEC failure - turns out you need to be very, very good at operations and online hygiene if you want to hide your illicit activities online shocked pikachu.

[1] https://gitlab.torproject.org/tpo/core/tor

sporksmith4y ago

... No? Could you be more specific?

Disclaimer: am a Tor developer and employee.

dhzhzjsbevs4y ago

Not op, and generally agree that the tech is safe.

One potential problem is that it's suspected state actors run a large amount of exit nodes.

1 more reply

wincy4y ago

I remember reading this article and being concerned that state actors had simply flooded the tor nodes to allow them to them to perform attacks to deanonymize a user. It’s possible that Arstechnica just has some agenda against Tor because it seemed like for awhile they were putting out articles like this every few months on the Tor network and people being arrested who used Tor.

https://arstechnica.com/information-technology/2013/08/tor-u...

1 more reply

sporksmith4y ago· 4 in thread

Tor dev here! We're super excited about this launch!

The lead dev on this feature, who also wrote the blog post, is taking some well deserved r&r after getting this feature out the door. I was somewhat tangentially involved (I work on the Shadow simulator, which we used to test, evaluate, and tune this feature) but can take a stab at answering questions.

Otoh comments on the blog post itself are likely to be seen by more experienced tor devs than myself :)

throwaway2022054y ago

Thanks for working on Tor!

Slightly off-topic but do you have any pointer for someone who would like to help optimizing Tor? The current documents portal [1] has a big "OUTDATED" banner attached, and the WIP new portal contains too little information for me to make sense of how Tor works internally.

I worked on some areas of TBB before, but still feel like I don't know enough about Tor's internal.

[1]: https://2019.www.torproject.org/docs/documentation#DesignDoc

sporksmith4y ago

The spec documents linked from there are the most canonical documentation, though the gitweb link will probably be deprecated soon in favor of gitlab. https://gitlab.torproject.org/tpo/core/torspec

As always it's probably a good idea to reach out to chat about what you have in mind before getting too far with implementation. #tor-dev on OFTC IRC (bridged to Matrix)

https://www.torproject.org/contact/ https://blog.torproject.org/entering-the-matrix/

hda24y ago

Excellent write up!

How well would the new congestion controls be able to handle udp traffic from aggressively opportunistic protocols like bittorrent over UDP, assuming that datagram traffic is allowed on the tor network?

As far as I know, bittorrent's udp congestion control assumes the network is able to drop packets and clients definitely act accordingly.

sporksmith4y ago

UDP is currently not supported, but we're working on a design for it now https://gitlab.torproject.org/tpo/core/torspec/-/blob/main/p...

beardog4y ago

The latency improvement is especially exciting for me. Thank you Tor team

j / k navigate · click thread line to collapse

24 comments

14 comments · 3 top-level

wincy4y ago· 7 in thread

Isn’t Tor at this point widely suspected to be compromised by state actors? Aren’t people who use Tor for nefarious purposes arrested regularly these days?

ajvs4y ago

People arrested for their darknet activities have always had OPSEC failures that out them like reusing known email addresses or usernames.

Being deanonymised during normal Tor browsing is extremely difficult and I'd challenge you to post cases where Tor itself lead to it.

orbital-decay4y ago

uluyol4y ago

There has been plenty of work on how to de-anonymize Tor users over the years, e.g., see https://www.cs.princeton.edu/~jrex/papers/usenixsec15.pdf.

There's no doubt in my mind that state actors have been putting similar techniques to use.

1 more reply

greggsy4y ago

What’s more likely is that an exit node has been owned, or is actually operated by some nation state. Even then, you might not even see the actually traffic if it has been re-routed.

The most likely scenario is an OPSEC failure - turns out you need to be very, very good at operations and online hygiene if you want to hide your illicit activities online shocked pikachu.

[1] https://gitlab.torproject.org/tpo/core/tor

sporksmith4y ago

... No? Could you be more specific?

Disclaimer: am a Tor developer and employee.

dhzhzjsbevs4y ago

Not op, and generally agree that the tech is safe.

One potential problem is that it's suspected state actors run a large amount of exit nodes.

1 more reply

wincy4y ago

https://arstechnica.com/information-technology/2013/08/tor-u...

1 more reply

sporksmith4y ago· 4 in thread

Tor dev here! We're super excited about this launch!

Otoh comments on the blog post itself are likely to be seen by more experienced tor devs than myself :)

throwaway2022054y ago

Thanks for working on Tor!

I worked on some areas of TBB before, but still feel like I don't know enough about Tor's internal.

[1]: https://2019.www.torproject.org/docs/documentation#DesignDoc

sporksmith4y ago

The spec documents linked from there are the most canonical documentation, though the gitweb link will probably be deprecated soon in favor of gitlab. https://gitlab.torproject.org/tpo/core/torspec

As always it's probably a good idea to reach out to chat about what you have in mind before getting too far with implementation. #tor-dev on OFTC IRC (bridged to Matrix)

https://www.torproject.org/contact/ https://blog.torproject.org/entering-the-matrix/

hda24y ago

Excellent write up!

As far as I know, bittorrent's udp congestion control assumes the network is able to drop packets and clients definitely act accordingly.

sporksmith4y ago

UDP is currently not supported, but we're working on a design for it now https://gitlab.torproject.org/tpo/core/torspec/-/blob/main/p...

beardog4y ago

The latency improvement is especially exciting for me. Thank you Tor team

j / k navigate · click thread line to collapse