by wongarsu 2524 days ago
Controlling just the exit nodes doesn't mean much, but by controlling the majority of all nodes you break TOR. If I control all nodes your connection uses I can trivially deanonymize you (even if you use hidden services). It has also been shown multiple times that it is enough to control the first and the last node of the connection because timing correlation works great.

The upside is that no government would admit to having this capability, so your only worries are extrajudicial measures (e.g. the US does plenty of extrajudicial killings of middle easterners with its drone program) and parallel construction.

3 comments

Running a Tor exit node is dangerous. Very few people would dare to do so. Most hosters will forbid that.

Now running an ordinary Tor node is not dangerous. It does not consume a lot of resources (I'm running a node on a 256 MB OpenBSD VPS) and hosters don't care at all. It takes a few minutes to install and set it up.

So there's absolutely no reason for people not to run a Tor node on every server they have access to. And I'm sure that many people do. So I doubt that the government controls the majority of Tor nodes.

If you operate a server, consider installing a Tor node. It does no harm, it consumes as much bandwidth as you configure and you probably have a lot of unused resources anyway.

The flipside of that is that it's reasonable to assume that most (not government run) TOR nodes are run at hosters offering cheap small VPS with cheap traffic and high bandwidth. That gives a few select datacenters where sniffing and correlating network traffic is extremely beneficial for deanonymizing TOR traffic. And if the datacenter operator doesn't cooperate and isn't vulnerable to covert sniffing there are always their uplink providers.

> "That gives a few select datacenters where sniffing and correlating network traffic"

Uh,

This was the whole premise of Carnivore... installed in room 641A

https://en.wikipedia.org/wiki/Room_641A

(Btw - this is the room that Twitter was originally routed through...)

Basically I take the defeatist stance at this point...

There is NO privacy or anon. It doesn't exist any longer.

I ran a TOR exit node at home for a while, I don't recommend it.

Within 30 minutes of my public IP changing, CloudFlare would get wind of it again and then it'd be back to hitting a captcha for 75% of all of my own non-Tor traffic with the same origin IP as a TOR exit node. This, among myriad other misadventures, resulted in me shutting it off after ~6 months.

> Running a Tor exit node is dangerous. Very few people would dare to do so. Most hosters will forbid that.

Even in the richest parts (relevant because they love forbidding things) of the EU you can find hosters that accept tor exit nodes. As for it being dangerous, that is kind of a spurious argument. Why do you think it is dangerous? Do you know because you tried, or do you "know" because you heard someone tell you it was?

> So there's absolutely no reason for people not to run a Tor node on every server they have access to.

There is at least one: the list of Tor relay IP addresses is public. Some mail servers use this list as an additional source for RBLs (probably people who are not familiar with Tor don't know the difference between exit nodes and relays and ban all just in case). So it is not a good idea to share a mail server IP with a Tor relay.
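The exit-vs-relay distinction the comment above says some RBL operators skip, as an added example that is not part of the thread: a small parser over a constructed listing in the style of Tor consensus router status entries ("r" line = relay and its address, "s" line = its flags) that only puts relays carrying the Exit flag on a mail blocklist. The sample addresses, nicknames and identity strings are made up for this example.

```python
from dataclasses import dataclass, field
from typing import List

# Constructed sample modelled on consensus "r"/"s" line pairs. In both the
# full and the microdescriptor consensus an "r" line ends with
# "<IP> <ORPort> <DirPort>", so the address is taken as the third-last token.
SAMPLE_CONSENSUS = """\
r relayA AAAAAAAAAAAAAAAAAAAAAAAAAAA 2024-01-01 00:00:00 192.0.2.10 9001 0
s Fast Guard Running Stable Valid
r exitB BBBBBBBBBBBBBBBBBBBBBBBBBBB 2024-01-01 00:00:00 198.51.100.20 443 0
s Exit Fast Running Stable Valid
r relayC CCCCCCCCCCCCCCCCCCCCCCCCCCC 2024-01-01 00:00:00 203.0.113.30 9001 0
s Fast Running Valid
r exitD DDDDDDDDDDDDDDDDDDDDDDDDDDD 2024-01-01 00:00:00 192.0.2.40 9001 0
s Exit Running Valid
"""


@dataclass
class Relay:
    nickname: str
    address: str
    flags: List[str] = field(default_factory=list)


def parse_consensus(text: str) -> List[Relay]:
    """Parse "r"/"s" pairs; an "s" line belongs to the preceding "r" line."""
    relays: List[Relay] = []
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if parts[0] == "r" and len(parts) >= 8:
            relays.append(Relay(nickname=parts[1], address=parts[-3]))
        elif parts[0] == "s" and relays:
            relays[-1].flags = parts[1:]
    return relays


def exit_addresses(relays: List[Relay]) -> List[str]:
    """Blocklist candidates: only relays that actually carry the Exit flag."""
    return sorted(r.address for r in relays if "Exit" in r.flags)


def relay_addresses(relays: List[Relay]) -> List[str]:
    """Every relay address, i.e. what a 'ban all just in case' list contains."""
    return sorted(r.address for r in relays)


def classify(ip: str, relays: List[Relay]) -> str:
    """Return 'exit', 'relay' or 'none' for an IP, e.g. before picking a mail server address."""
    for r in relays:
        if r.address == ip:
            return "exit" if "Exit" in r.flags else "relay"
    return "none"
```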

I'm guessing that the .gov doesn't run 'many' of the nodes -- but I'm guessing they have MAPPED them all out and are 0-day exploiting as many as possible.

THIS is what I would guess a state entity would be training an AI to do as a function...

It's extremely risky to use 0-days in an indiscriminate manner, especially against targets that are likely to be watching closely.

Govts have almost unlimited resources and willpower. They could easily just detect the Tor nodes running, then spin up n/2 + 1 to compensate, giving them majority control. This could be automated.

And if two governments do this at the same time?

Then you have 2(n/2 + 1) = n + 2 servers. QED.

Wouldn't the fact that several huge organizations all try to own as many nodes as possible make Tor safer? If more than one org tries to gain the majority, everyone's share will be smaller. I highly doubt that the FSB and NSA both agree that only one of them should be allowed to host a huge number of nodes.

> The upside is that no government would admit to having this capability

Probably because it's very improbable that they have the capability to do so.

TOR isn't like bitcoin where you have to own N/2+1 nodes, you only have to see the traffic of the first and last node in each connection you care about. That means any one node can belong to more than one organization.

Suppose the NSA has a project to deanonymize TOR, so they set up TOR nodes. To be less conspicuous (TOR node IPs are monitored for geographic distribution) they set up small clusters in various locations, one of them an apartment in Amsterdam. The FSB manages to get a double agent who installs software on those nodes to send the same information to Russia. India finds a 0-day exploit and installs their own data extraction on those nodes as well. Since it's an undercover installation in Amsterdam the usual US government rules don't apply and the ISP used runs Huawei networking equipment, giving China a way to listen in as well. Meanwhile the ISP itself is run by Mossad agents specifically to extract Dutch traffic for Israeli analysis, and they struck gold with this NSA op choosing them because they are cheap and have no data cap. The ISP routes the traffic to the internet backbone, where most of it will pass through a GCHQ facility on the British coast.

That's 6 different agencies using the same pair of nodes to deanonymize TOR users, without any deliberate data sharing.

> because timing correlation works great

I have read that research. It works great in a controlled environment without the parallel requests of modern browsers, where packets all arrive in order, and where a high rate of false positives is acceptable. Outside of a lab setting the research gets much more muddy and more speculative that it maybe can be used, but I have yet to see an actual experiment that demonstrates it.