What's up with Tor?

Between August 16 and today, the number of directly-connecting Tor users has increased from about 0.5e+6 to about 2.4e+6, and there's no sign of a plateau.

-https://metrics.torproject.org/users.html?graph=direct-users&start=2013-08-01&end=2013-12-31&country=all&events=off#direct-users

-https://metrics.torproject.org/users.html?graph=direct-users&start=2010-01-01&end=2013-12-31&country=all&events=off#direct-users

It's possible that a botnet now accounts for over 80% of Tor clients.

I've used "2013-12-31" as the end date, so the linked charts should reflect current data through then.

 

That seems to be a common guess...

TorrentFreak: PirateBrowser Hits 500,000 Downloads, Tor Traffic Surges

The Register: Tor usage up by more than 100% in August

Naked Security: Tor usage doubles in August. New privacy-seeking users or botnet?

 

Large botnet cause of recent Tor network overload.

-- Tom

 

After talking with friends, I get that it's far worse than an overload

There are currently about 4000 Tor relays. If 10% of those 3-5 million bots become relays, they'll comprise 90% of relays. That's not a good thing

 

Can someone explain please in simple terms how or if this affects Tor users...

Thx

 

The botnet is slowing down Tor, because relays are being overloaded with requests from millions of new "users" (which are actually bots).

But the bots aren't really doing anything yet. What's overloading Tor relays is just the typical startup process that all Tor clients do (testing the network, prebuilding circuits, etc).

If these bots actually start using Tor, it will fall down. Maybe they'll all go away then, as their owner realizes that this plan isn't working.

Another strategy for the botnet owner would be helping Tor to handle the load. But that would not be a good thing. If enough of these bots become relays, it will become likely that your Tor circuits will only use botnet relays. And so you will have no anonymity against the botnet.

See?

 

Have you seen this ?

http://www.informationweek.com/secu...nonymity-cracked-fbi-porn-investiga/240159424

 

You mean this? And this?

We were talking about it here in this forum before that article was even published.

 

Sorry.:
Obviously, I missed those threads.

 

Damn botnets. Slowing down my Tor.

 

Mirimir thanks for your reply which has helped, but lol Im not sure I totally "see" yet. I've heard of a botnet but not really understood what they do. I did a startpage look. Reckon Ive got a ways to go before I totally "get" all this.

From what I can gather, and reading the latest links at Wilders etc it's getting pretty dicey using Tor now. :-(. Could this latest fiasco with the botnet be a jack up from the PTB ? (powers that be) or is the jury still out. Is it safe to use Tor for the moment as long as youre using the latest TBB or is that up in the air as well.

I've always been security and privacy minded, and as such, Ive frequented forums of this type over the years. Therefore it is of no surprise to me AT ALL this has all played out the way it has. Even with my limited knowledge security wise, Ive warned people in my circle for years and had my fair share of being called paranoid etc.

That said, Ive played around with Tor many years ago mainly out of interest and as a challenge to get it up and running with privoxy and all. Being on dialup it was so slow as to be ridiculous so I just dropped it. I didn't use it for years then I heard about the TBB last year and thought I'd give it a go again. I was STUNNED and amazed at the speed and yes, still on dialup. Now, since Im on BB it's been a real treat.

This will be a sad blow for the internet if this is the end of Tor.

 

A botnet is just a bunch of computers that are being controlled remotely (by the botnet owner). But botnet owners generally don't advertise their presence by using too many resources.

For the moment, using Tor is probably safe, if perhaps slower than usual.

It's impossible to say who's running the botnet.

You can follow the news at https://blog.torproject.org/blog/ .

Yes, the past few months have been amazing.

Yes, Tor has been much faster, until recently

Indeed.

 

Ooops, my bad guys. I left my botnet calculating the perfect cheese ratio for my cheese on toast sandwiches. Sorry! Also if those bots became relays and the bot farmer is benevolent, and TOR was previously compromised, TOR would have a new level of security due to the level of new relays.

 

"Bot farmer" and "benevolent" seem mutually exclusive.

Maybe retired bot farmers can become as benevolent as Bill Gates

But still, having 90% of relays run by one entity (no matter how apparently benevolent) breaks Tor's security model.

 

You have to remember, if it was a true benevolent force it would take the governmental nodes for example from say 50% -> 1% which would be a big win. But that's a big if. Its also super possible for this to be a USGOV black-ops botnet to do the exact opposite of what a benevolent force would do.

 

If you look at Tor user count from the beta method, the only countries without huge increases since mid August are Israel, those that block Tor access (e.g., Iran and China) and those with very few users.

All users: -https://metrics.torproject.org/users.html?graph=userstats-relay-country&start=2013-01-01&end=2013-12-31&country=all#userstats-relay-country

Israel: -https://metrics.torproject.org/users.html?graph=userstats-relay-country&start=2013-01-01&end=2013-12-31&country=il#userstats-relay-country

-http://blog.fox-it.com/2013/09/05/large-botnet-cause-of-recent-tor-network-overload/

It's my understanding that botnet operators may avoid targeting the country where they live. But:

Russia: -https://metrics.torproject.org/users.html?graph=userstats-relay-country&start=2013-01-01&end=2013-12-31&country=ru#userstats-relay-country

We shall see, perhaps.

 

My time difference might be such that theres not many here right now, but is anyone having problems accessing Tor blog? I can get Home page and that's all. Got it before just fine.

 

It was slow a while ago, but it seems OK now.

 

Thanks, just got back in OK. Maybe maintenance or something. Only part of the site was timing out.

 

-http://blog.trendmicro.com/trendlabs-security-intelligence/the-mysterious-mevade-malware/

Edit ...

Israel: -https://metrics.torproject.org/users.html?graph=userstats-relay-country&start=2013-01-01&end=2013-12-31&country=il#userstats-relay-country

Ukraine: -https://metrics.torproject.org/users.html?graph=userstats-relay-country&start=2013-01-01&end=2013-12-31&country=ua#userstats-relay-country

Global: -https://metrics.torproject.org/users.html?graph=userstats-relay-country&start=2013-01-01&end=2013-12-31&country=all#userstats-relay-country

 

[This is not an official response whatsoever but] Some entity(s) may be attempting this as an experiment in order to try to intercept and trace traffic when normally using TOR it would be extremely difficult to do so. This is strictly a surmise from here.