Hi, I have read here that the number of relays per IP was set to 2 for Sybil attack prevension but is now moving to 4 and perhaps 8 after that. Doesn’t each increase take us further from Sybil attack protection and more into an unknown area of vulnerability?
You might recall that Tor is restricting the possible amount of Tor relays per IP address to 2, mainly for Sybil prevention reasons
we raised that limit to 4 with the help of the directory authorities
Bando via Tor Project Forum:
Hi, I have read here that the number of relays per IP was set to 2 for Sybil attack prevension but is now moving to 4 and perhaps 8 after that. Doesn’t each increase take us further from Sybil attack protection and more into an unknown area of vulnerability?
We’ll see how this goes with the new amount per IP address (4), but we
believe the slightly increased risk involved in that step is definitely
worth it: our good and trusted relay operators can finally make better
use of their powerful hardware to the benefit of our users. Setting the
limit to 2 was never meant to be a silver bullet either as we have seen
from the numerous Sybil attacks we had over the years…
You might recall that Tor is restricting the possible amount of Tor relays per IP address to 2, mainly for Sybil prevention reasons
we raised that limit to 4 with the help of the directory authorities
Visit Topic or reply to this email to respond.
You are receiving this because you enabled mailing list mode.
To unsubscribe from these emails, click here.
I also would like transparency about how one becomes trusted? There was a thread on Tor Reddit a few months back, an operator of nodes based in Poland was told they must agree to a camera enabled video conference to discuss limitations set upon them. The service operators are associated with controversial activism so refused to agree and as a result their entire family of relays was removed.
How slightly is the risk expected to be increased? As in with real terms, how much easier would it make Sybil attacks? As you state Tor Network has already suffered multiple Sybil attacks with maximum IP’s set to 2 so surely increasing to 4 would only double the problem? I believe I speak for most users in saying we would prefer maintaining or improving current security rather than adding potential weakness in exchange for better speed. Tor Network is expected to be slower and with the release of Base Browser users will have the option of Tor Browser system protection with their own network so speed is less of an issue regardless. I hope this experiment doesn’t result in some percentage of users becoming unmasked, quantifying people by percentage is rough so the damage could be incalculable if things get exploited.
Bando via Tor Project Forum:
I also would like transparency about how one becomes trusted? There was a thread on Tor Reddit a few months back, an operator of nodes based in Poland was told they must agree to a camera enabled video conference to discuss limitations set upon them. The service operators are associated with controversial activism so refused to agree and as a result their entire family of relays was removed.
“Trusted” is a tricky concept. For the context of my mail it meant relay
operators that have contributed for quite a while to our network, which
are engaged in our community trying to make it and the volunteer-driven
network more robust and better, and which we have met over the years at
different conferences and other events.
If you are interested in the trust topic and what it could mean related
to relay operators and running relays then a good starting point is
Map out possible plans for quantifying and improving our trust in relays/operators (#61) · Issues · The Tor Project / Network Health / Team · GitLab.
From what I can see it doesn’t offer much explanation at all, rather just movements of users and Arma saying he has unassigned himself. It honestly seems very sketchy to me.
Do you have any response to my other question?
Bando via Tor Project Forum:
From what I can see it doesn’t offer much explanation at all, rather just movements of users and Arma saying he has unassigned himself. It honestly seems very sketchy to me.
I don’t think it’s sketchy at all. It was not meant to provide any
explanation but to give you an understanding/context of where we are in
the thinking process with respect to this topic. There are links you
could follow in that ticket as well that might give you even more
context. If you are not interested in that topic, fair enough. It’s fine.
Actually, speed and “why Tor is slow” is the top issue/complain right now. You can even see it here: Tor is much slower latterly than it used to be.
Due to a DDoS attack. Its not an ongoing issue and to experiment with the safety of users in exchange for a slightly better speed seems very unwise to me
I’d also appreciate if my second question could be addressed. It has twice now been ignored which makes me duly suspicious
Bando via Tor Project Forum:
Due to a DDoS attack. Its not an ongoing issue and to experiment with the safety of users in exchange for a slightly better speed seems very unwise to me
That’s just wrong. It’s not only due to the (ongoing) DDoS attack.
Speed/performance limitations on Tor’s side has been the number 1
complaint for years.
Bando via Tor Project Forum:
I’d also appreciate if my second question could be addressed. It has twice now been ignored which makes me duly suspicious
There is no need to panic if you don’t get the answer you want within
24h, really. Moreover, Gus replied to your post, so implying that folks
are ignoring your comments doesn’t seem to be a smart idea either.
We have better tooling and an active network health team nowadays that
should mitigate the potential risks by doubling the allowed relays per
IP address. Additionally, given that I expect known good and trusted
operators to make use of that new limit it might even make it harder for
the casual Sybil attacker to achieve the same bandwidth weight per spent
$$$ compared to the status quo ante. Just some food for thinking, I have
not done the math and we might not have the data yet for drawing that
conclusion. Regardless, what I said in my first sentence still stands.
I accept that but Tor Network is inherently going to be slower than the browsing experience most are familiar with due to the hops, latency and encryption wrapping/unwrapping. A few days ago I downloaded a file through Tor Browser while connected over a multi hop wireguard VPN and I was getting 2mbps - 5mbps. Its not fast enough to smoothly stream 1080p A/V but doesn’t the Tor Manual request users avoid downloading large files over the network as it slows things down for everyone else chained to the pathway? Speeds need to improve based upon opinion whereas security needs to either be maintained or increased based upon facts.
