What's up with Tor?

Discussion in 'privacy problems' started by mirimir, Sep 4, 2013.

Thread Status:
Not open for further replies.
  1. mirimir
    mirimir Registered Member

    Between August 16 and today, the number of directly-connecting Tor users has increased from about 0.5e+6 to about 2.4e+6, and there's no sign of a plateau.

    -https://metrics.torproject.org/users.html?graph=direct-users&start=2013-08-01&end=2013-12-31&country=all&events=off#direct-users

    -https://metrics.torproject.org/users.html?graph=direct-users&start=2010-01-01&end=2013-12-31&country=all&events=off#direct-users

    It's possible that a botnet now accounts for over 80% of Tor clients.

    I've used "2013-12-31" as the end date, so the linked charts should reflect current data through then.
  2. JackmanG
    JackmanG Former Poster

  3. lotuseclat79
    lotuseclat79 Registered Member

  4. mirimir
    mirimir Registered Member

    After talking with friends, I get that it's far worse than an overload :(

    There are currently about 4000 Tor relays. If 10% of those 3-5 million bots become relays, they'll comprise 90% of relays. That's not a good thing :(
  5. Reality
    Reality Registered Member

    Can someone explain please in simple terms how or if this affects Tor users...

    Thx
  6. mirimir
    mirimir Registered Member

    The botnet is slowing down Tor, because relays are being overloaded with requests from millions of new "users" (which are actually bots).

    But the bots aren't really doing anything yet. What's overloading Tor relays is just the typical startup process that all Tor clients do (testing the network, prebuilding circuits, etc).

    If these bots actually start using Tor, it will fall down. Maybe they'll all go away then, as their owner realizes that this plan isn't working.

    Another strategy for the botnet owner would be helping Tor to handle the load. But that would not be a good thing. If enough of these bots become relays, it will become likely that your Tor circuits will only use botnet relays. And so you will have no anonymity against the botnet.

    See?
  7. wtsinnc
    wtsinnc Registered Member

  8. JackmanG
    JackmanG Former Poster

  9. wtsinnc
    wtsinnc Registered Member

    Sorry.
    Obviously, I missed those threads.
  10. ComputersRock
    ComputersRock Registered Member

    Damn botnets. Slowing down my Tor.
  11. JRViejo
    JRViejo Global Moderator

    Removed Off Topic Posts. Let's focus on the subject: What's up with Tor? Thank you.
  12. Reality
    Reality Registered Member

    Mirimir, thanks for your reply, which has helped, but lol I'm not sure I totally "see" yet. I've heard of a botnet but not really understood what they do. I did a startpage look. Reckon I've got a ways to go before I totally "get" all this.

    From what I can gather, and reading the latest links at Wilders etc., it's getting pretty dicey using Tor now. :-( Could this latest fiasco with the botnet be a jack up from the PTB (powers that be)? Or is the jury still out? Is it safe to use Tor for the moment as long as you're using the latest TBB, or is that up in the air as well?

    I've always been security and privacy minded, and as such, I've frequented forums of this type over the years. Therefore it is of no surprise to me AT ALL this has all played out the way it has. Even with my limited knowledge security wise, I've warned people in my circle for years and had my fair share of being called paranoid etc.

    That said, I've played around with Tor many years ago mainly out of interest and as a challenge to get it up and running with privoxy and all. Being on dialup it was so slow as to be ridiculous so I just dropped it. I didn't use it for years then I heard about the TBB last year and thought I'd give it a go again. I was STUNNED and amazed at the speed and yes, still on dialup. Now, since I'm on BB it's been a real treat.

    This will be a sad blow for the internet if this is the end of Tor.
  13. mirimir
    mirimir Registered Member

    A botnet is just a bunch of computers that are being controlled remotely (by the botnet owner). But botnet owners generally don't advertise their presence by using too many resources.

    For the moment, using Tor is probably safe, if perhaps slower than usual.

    It's impossible to say who's running the botnet.

    You can follow the news at https://blog.torproject.org/blog/ .

    Yes, the past few months have been amazing.

    Yes, Tor has been much faster, until recently :(

    Indeed.
  14. Taliscicero
    Taliscicero Registered Member


    Ooops, my bad guys. I left my botnet calculating the perfect cheese ratio for my cheese on toast sandwiches. Sorry! Also if those bots became relays and the bot farmer is benevolent, and TOR was previously compromised, TOR would have a new level of security due to the level of new relays.
  15. mirimir
    mirimir Registered Member

    "Bot farmer" and "benevolent" seem mutually exclusive.

    Maybe retired bot farmers can become as benevolent as Bill Gates ;)

    But still, having 90% of relays run by one entity (no matter how apparently benevolent) breaks Tor's security model.
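
The relay-share concern raised in posts 4, 6 and 15 above, as an added worked example that is not part of any poster's message. It is a simplified model that assumes relays are picked independently in proportion to weight; `adv_weight` is a hypothetical knob for how much one operator-run relay counts relative to an average honest relay.

```python
from fractions import Fraction
from math import ceil

HONEST_RELAYS = 4000  # "about 4000 Tor relays", the figure given in the thread


def relay_share(adv_relays, honest=HONEST_RELAYS, adv_weight=Fraction(1)):
    """Share of selection weight held by one operator.

    adv_weight is a hypothetical knob: the weight of one operator-run relay
    relative to an average honest relay. Tor weights path selection by relay
    bandwidth, so low-bandwidth relays count for less than their head count.
    """
    a = adv_relays * Fraction(adv_weight)
    return a / (a + honest)


def p_entry_and_exit(share):
    """Chance that both the first and last hop belong to the operator,
    assuming the two picks are independent (simplified model)."""
    return share * share


def relays_needed(target_share, honest=HONEST_RELAYS, adv_weight=Fraction(1)):
    """Smallest relay count that gives the operator at least target_share."""
    t = Fraction(target_share)
    return ceil(t * honest / ((1 - t) * Fraction(adv_weight)))


def sweep(counts, adv_weight=Fraction(1)):
    """Rows of (relays, share, P[entry and exit both operator-run])."""
    rows = []
    for n in counts:
        s = relay_share(n, adv_weight=adv_weight)
        rows.append((n, float(s), float(p_entry_and_exit(s))))
    return rows


if __name__ == "__main__":
    for label, w in (("equal weight", Fraction(1)), ("1/10 weight", Fraction(1, 10))):
        print(label, "-> relays for a 90% share:", relays_needed(Fraction(9, 10), adv_weight=w))
        for n, s, p in sweep((400, 4000, 36000), adv_weight=w):
            print(f"  {n:>6} relays  share={s:.3f}  entry+exit={p:.3f}")
```

In this model a 90% share puts both ends of 81% of circuits under one operator, and the same head count at one tenth the weight holds under half the selection weight.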
  16. Taliscicero
    Taliscicero Registered Member

    You have to remember, if it was a true benevolent force it would take the governmental nodes for example from say 50% -> 1% which would be a big win. But that's a big if. It's also super possible for this to be a USGOV black-ops botnet to do the exact opposite of what a benevolent force would do.
  17. mirimir
    mirimir Registered Member

    If you look at Tor user count from the beta method, the only countries without huge increases since mid August are Israel, those that block Tor access (e.g., Iran and China) and those with very few users.

    All users: -https://metrics.torproject.org/users.html?graph=userstats-relay-country&start=2013-01-01&end=2013-12-31&country=all#userstats-relay-country

    Israel: -https://metrics.torproject.org/users.html?graph=userstats-relay-country&start=2013-01-01&end=2013-12-31&country=il#userstats-relay-country

    -http://blog.fox-it.com/2013/09/05/large-botnet-cause-of-recent-tor-network-overload/

    It's my understanding that botnet operators may avoid targeting the country where they live. But:

    Russia: -https://metrics.torproject.org/users.html?graph=userstats-relay-country&start=2013-01-01&end=2013-12-31&country=ru#userstats-relay-country

    We shall see, perhaps.
  18. Reality
    Reality Registered Member

    My time difference might be such that there's not many here right now, but is anyone having problems accessing Tor blog? I can get Home page and that's all. Got it before just fine.
  19. mirimir
    mirimir Registered Member

    It was slow a while ago, but it seems OK now.
  20. Reality
    Reality Registered Member

    Thanks, just got back in OK. Maybe maintenance or something. Only part of the site was timing out.
  21. mirimir
    mirimir Registered Member

    -http://blog.trendmicro.com/trendlabs-security-intelligence/the-mysterious-mevade-malware/

    Edit ...

    Israel: -https://metrics.torproject.org/users.html?graph=userstats-relay-country&start=2013-01-01&end=2013-12-31&country=il#userstats-relay-country

    Ukraine: -https://metrics.torproject.org/users.html?graph=userstats-relay-country&start=2013-01-01&end=2013-12-31&country=ua#userstats-relay-country

    Global: -https://metrics.torproject.org/users.html?graph=userstats-relay-country&start=2013-01-01&end=2013-12-31&country=all#userstats-relay-country
    Last edited: Sep 9, 2013
  22. Q Section
    Q Section Registered Member

    [This is not an official response whatsoever but] Some entity(s) may be attempting this as an experiment in order to try to intercept and trace traffic when normally using TOR it would be extremely difficult to do so. This is strictly a surmise from here.