Answers in-line.

On 1/31/16 5:00 PM, amuse wrote:
> Hi Fabio:
>
> TLDR: No, I haven't and wouldn't try this.
>
>
> If I understand, you're asking "Why don't TOR operators discriminate on
> traffic by passing packets to popular, acceptable sites and
> discriminating against traffic headed "elsewhere" by re-routing it."
>
> This view ignores a few fundamental facts underlying the very existence
> of TOR.

From the point of view of a Tor user, there's absolutely no change in the Threat Model.
From the point of view of a Tor Relay operator, there would be a better resiliency against takedown due to Abuses.

>
> 1) That tools such as TOR exist specifically to enable that last 10% of
> "dangerous" traffic - given that every political regime gets to decide
> what they think is "Dangerous". In Saudi Arabia, criticism of the king
> is dangerous traffic. In China, discussion of the Tiananmen square
> massacre is also dangerous. TOR exists specifically to facilitate this
> traffic.

We are not speaking about what's "Dangerous" for a Tor user, but what's "Abuse-Generating" for a Tor Operator.

I think that most of those discussions you're referring to:
- do not trigger abuses being sent to the ISPs
- happen mostly on major internet platforms (let's say the top-30)

>
> 2) That the most objectionable traffic will probably be going to a lot
> of the top-30 websites, as that's where political discussions need to be
> brought to gain any sort of critical mass to bring them out of anonymous
> online enclaves and translate them into real political activity.
>
> Finally, I wonder whether you have any experience actually, in practice,
> trying to differentiate traffic as "abuse" from "not abuse". If there
> were any even close-to-accurate ways of doing this, I suspect ISPs
> would already be doing it and even your abusive TOR traffic would get
> dropped at peering connections.

When I used to run Tor Exit relays, I never received abuses coming from traffic being directed to major internet websites (i.e. google, facebook, wikipedia, etc).

The ISPs are already doing that, it's called "Traffic Engineering", but it's not done due to "abuse" or "not abuse", because the abuses are not a major issue for an ISP.

Abuses are a major issue for Tor operators, not for ISPs.

>
> In practice, it's very difficult to tell if even "clearly abusive"
> traffic - say, XSS attempts or SQL injection scanners - are abuse by
> some annoying hackers, or research by someone trying to assess how many
> home IP cameras are vulnerable to being part of a botnet, or even an
> authorized pen-tester just checking out their client's distributed offices.

Any digital attack attempt going through Tor has to be considered abusive, because it generates abuses.

Btw if you try to make a web attack against:
- Facebook or Google or (no abuse received)
- A major abuse (abuse received)

That's why traffic engineering with such a multi-homing approach could really work, differentiating traffic designated to top-internet-destination (that does not generate abuses but may represent most of the traffic) vs. rest of the internet (that's likely a minor part of the traffic, but in this chunk there's surely the abuse-generating one).

Btw it's not easy to be technically implemented.

Fabio
