What's up with Tor?

Discussion in 'privacy problems' started by mirimir, Sep 4, 2013.

Thread Status:
Not open for further replies.
  1. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    5,047
    Between August 16 and today, the number of directly-connecting Tor users has increased from about 0.5e+6 to about 2.4e+6, and there's no sign of a plateau.

    -https://metrics.torproject.org/users.html?graph=direct-users&start=2013-08-01&end=2013-12-31&country=all&events=off#direct-users

    -https://metrics.torproject.org/users.html?graph=direct-users&start=2010-01-01&end=2013-12-31&country=all&events=off#direct-users

    It's possible that a botnet now accounts for over 80% of Tor clients.

    I've used "2013-12-31" as the end date, so the linked charts should reflect current data through then.
     
  2. JackmanG

    JackmanG Former Poster

    Joined:
    May 21, 2013
    Posts:
    284
  3. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    4,562
  4. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    5,047
    After talking with friends, I get that it's far worse than an overload :(

    There are currently about 4000 Tor relays. If 10% of those 3-5 million bots become relays, they'll comprise 90% of relays. That's not a good thing :(
     
  5. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    564
    Can someone explain please in simple terms how or if this affects Tor users...

    Thx
     
  6. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    5,047
    The botnet is slowing down Tor, because relays are being overloaded with requests from millions of new "users" (which are actually bots).

    But the bots aren't really doing anything yet. What's overloading Tor relays is just the typical startup process that all Tor clients do (testing the network, prebuilding circuits, etc).

    If these bots actually start using Tor, it will fall down. Maybe they'll all go away then, as their owner realizes that this plan isn't working.

    Another strategy for the botnet owner would be helping Tor to handle the load. But that would not be a good thing. If enough of these bots become relays, it will become likely that your Tor circuits will only use botnet relays. And so you will have no anonymity against the botnet.

    See?
     
  7. wtsinnc

    wtsinnc Registered Member

    Joined:
    Oct 3, 2008
    Posts:
    943
  8. JackmanG

    JackmanG Former Poster

    Joined:
    May 21, 2013
    Posts:
    284
  9. wtsinnc

    wtsinnc Registered Member

    Joined:
    Oct 3, 2008
    Posts:
    943
    Sorry.
    Obviously, I missed those threads.
     
  10. DesuMaiden

    DesuMaiden Registered Member

    Joined:
    Jan 25, 2013
    Posts:
    520
    Damn botnets. Slowing down my Tor.
     
  11. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    16,837
    Location:
    U.S.A.
    Removed Off Topic Posts. Let's focus on the subject: What's up with Tor? Thank you.
     
  12. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    564
    Mirimir, thanks for your reply, which has helped, but lol I'm not sure I totally "see" yet. I've heard of a botnet but not really understood what they do. I did a startpage look. Reckon I've got a ways to go before I totally "get" all this.

    From what I can gather, and reading the latest links at Wilders etc., it's getting pretty dicey using Tor now. :-( Could this latest fiasco with the botnet be a jack up from the PTB (powers that be)? Or is the jury still out? Is it safe to use Tor for the moment as long as you're using the latest TBB, or is that up in the air as well?

    I've always been security and privacy minded, and as such, I've frequented forums of this type over the years. Therefore it is of no surprise to me AT ALL this has all played out the way it has. Even with my limited knowledge security wise, I've warned people in my circle for years and had my fair share of being called paranoid etc.

    That said, I've played around with Tor many years ago mainly out of interest and as a challenge to get it up and running with privoxy and all. Being on dialup it was so slow as to be ridiculous so I just dropped it. I didn't use it for years then I heard about the TBB last year and thought I'd give it a go again. I was STUNNED and amazed at the speed and yes, still on dialup. Now, since I'm on BB it's been a real treat.

    This will be a sad blow for the internet if this is the end of Tor.
     
  13. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    5,047
    A botnet is just a bunch of computers that are being controlled remotely (by the botnet owner). But botnet owners generally don't advertise their presence by using too many resources.

    For the moment, using Tor is probably safe, if perhaps slower than usual.

    It's impossible to say who's running the botnet.

    You can follow the news at https://blog.torproject.org/blog/ .

    Yes, the past few months have been amazing.

    Yes, Tor has been much faster, until recently :(

    Indeed.
     
  14. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439

    Ooops, my bad guys. I left my botnet calculating the perfect cheese ratio for my cheese on toast sandwiches. Sorry! Also if those bots became relays and the bot farmer is benevolent, and TOR was previously compromised, TOR would have a new level of security due to the level of new relays.
     
  15. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    5,047
    "Bot farmer" and "benevolent" seem mutually exclusive.

    Maybe retired bot farmers can become as benevolent as Bill Gates ;)

    But still, having 90% of relays run by one entity (no matter how apparently benevolent) breaks Tor's security model.
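
An added example (not part of the thread and not written by any poster): a simplified model of the relay-share concern raised in posts 4, 6 and 15, using the thread's figures of about 4000 existing relays and 3-5 million bots. The conversion rates, the relative bandwidth of a bot relay (`bot_bw`) and all function names are assumptions; path selection here is weighted by bandwidth only and omits the guard, flag and family rules that real Tor applies.

```python
import random
from itertools import accumulate

def bot_share(honest, bots, rate, honest_bw=1.0, bot_bw=1.0):
    """Botnet share of total relay selection weight.

    With equal bandwidths this is simply its share of the relay count.
    """
    bot_weight = bots * rate * bot_bw
    return bot_weight / (honest * honest_bw + bot_weight)

def simulate(honest, bot_relays, honest_bw=1.0, bot_bw=1.0,
             circuits=20000, seed=1):
    """Sample 3-hop circuits of distinct relays, weighted by bandwidth.

    Returns (fraction with botnet entry AND exit, fraction all-botnet).
    """
    rng = random.Random(seed)
    ids = range(honest + bot_relays)      # ids >= honest are botnet relays
    cum = list(accumulate([honest_bw] * honest + [bot_bw] * bot_relays))
    both_ends = all_hops = 0
    for _ in range(circuits):
        hops = rng.choices(ids, cum_weights=cum, k=3)
        while len(set(hops)) < 3:         # a relay appears once per circuit
            hops = rng.choices(ids, cum_weights=cum, k=3)
        bad = [h >= honest for h in hops]
        both_ends += bad[0] and bad[2]    # entry + exit allows correlation
        all_hops += all(bad)
    return both_ends / circuits, all_hops / circuits

if __name__ == "__main__":
    HONEST = 4000                          # figure from the thread
    for bots in (3_000_000, 5_000_000):    # range from the thread
        for rate in (0.01, 0.10):          # assumed conversion rates
            print(f"{bots} bots, {rate:.0%} relays: "
                  f"count share {bot_share(HONEST, bots, rate):.3f}")
    # Assumption: a bot relay carries 5% of an average relay's bandwidth.
    for bw in (1.0, 0.05):
        share = bot_share(HONEST, 3_000_000, 0.01, bot_bw=bw)
        ends, full = simulate(HONEST, 30_000, bot_bw=bw)
        print(f"bot_bw={bw}: weight share {share:.3f}, "
              f"entry+exit {ends:.3f}, all hops {full:.3f}")
```

Because selection is weighted by bandwidth, the botnet's share of circuits depends on the capacity its relays offer, not only on how many of them there are.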
     
  16. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    You have to remember, if it was a true benevolent force it would take the governmental nodes for example from say 50% -> 1% which would be a big win. But that's a big if. It's also super possible for this to be a USGOV black-ops botnet to do the exact opposite of what a benevolent force would do.
     
  17. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    5,047
    If you look at Tor user count from the beta method, the only countries without huge increases since mid August are Israel, those that block Tor access (e.g., Iran and China) and those with very few users.

    All users: -https://metrics.torproject.org/users.html?graph=userstats-relay-country&start=2013-01-01&end=2013-12-31&country=all#userstats-relay-country

    Israel: -https://metrics.torproject.org/users.html?graph=userstats-relay-country&start=2013-01-01&end=2013-12-31&country=il#userstats-relay-country

    -http://blog.fox-it.com/2013/09/05/large-botnet-cause-of-recent-tor-network-overload/

    It's my understanding that botnet operators may avoid targeting the country where they live. But:

    Russia: -https://metrics.torproject.org/users.html?graph=userstats-relay-country&start=2013-01-01&end=2013-12-31&country=ru#userstats-relay-country

    We shall see, perhaps.
     
  18. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    564
    My time difference might be such that there's not many here right now, but is anyone having problems accessing Tor blog? I can get Home page and that's all. Got it before just fine.
     
  19. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    5,047
    It was slow a while ago, but it seems OK now.
     
  20. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    564
    Thanks, just got back in OK. Maybe maintenance or something. Only part of the site was timing out.
     
  21. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    5,047
    -http://blog.trendmicro.com/trendlabs-security-intelligence/the-mysterious-mevade-malware/

    Edit ...

    Israel: -https://metrics.torproject.org/users.html?graph=userstats-relay-country&start=2013-01-01&end=2013-12-31&country=il#userstats-relay-country

    Ukraine: -https://metrics.torproject.org/users.html?graph=userstats-relay-country&start=2013-01-01&end=2013-12-31&country=ua#userstats-relay-country

    Global: -https://metrics.torproject.org/users.html?graph=userstats-relay-country&start=2013-01-01&end=2013-12-31&country=all#userstats-relay-country
     
    Last edited: Sep 9, 2013
  22. Q Section

    Q Section Registered Member

    Joined:
    Feb 5, 2003
    Posts:
    766
    Location:
    Headquarters - London & Field Offices -Worldwide
    [This is not an official response whatsoever but] Some entity(s) may be attempting this as an experiment in order to try to intercept and trace traffic when normally using TOR it would be extremely difficult to do so. This is strictly a surmise from here.
     