Possible upcoming attempts to disable the Tor network
The Tor Project has learned that there may be an attempt to incapacitate our network in the next few days through the seizure of specialized servers in the network called directory authorities. (Directory authorities help Tor clients learn the list of relays that make up the Tor network.) We are taking steps now to ensure the safety of our users, and our system is already built to be redundant so that users maintain anonymity even if the network is attacked. Tor remains safe to use.
We hope that this attack doesn't occur; Tor is used by many good people. If the network is affected, we will immediately inform users via this blog and our Twitter feed @TorProject, along with more information if we become aware of any related risks to Tor users.
The Tor network provides a safe haven from surveillance, censorship, and computer network exploitation for millions of people who live in repressive regimes, including human rights activists in countries such as Iran, Syria, and Russia. People use the Tor network every day to conduct their daily business without fear that their online activities and speech (Facebook posts, email, Twitter feeds) will be tracked and used against them later. Millions more also use the Tor network at their local internet cafe to stay safe for ordinary web browsing.
Tor is also used by banks, diplomatic officials, members of law enforcement, bloggers, and many others. Attempts to disable the Tor network would interfere with all of these users, not just ones disliked by the attacker.
Every person has the right to privacy. This right is a foundation of a democratic society. For example, if Members of the British Parliament or US Congress cannot share ideas and opinions free of government spying, then they cannot remain independent from other branches of government. If journalists are unable to keep their sources confidential, then the ability of the press to check the power of the government is compromised. If human rights workers can't report evidence of possible crimes against humanity, it is impossible for other bodies to examine this evidence and to react. In the service of justice, we believe that the answer is to open up communication lines for everyone, securely and anonymously.
The Tor network provides online anonymity and privacy that allow freedom for everyone. Like freedom of speech, online privacy is a right for all.
[Update Monday Dec 22: So far all is quiet on the directory authority front, and no news is good news.]
[Update Sunday Dec 28: Still quiet. This is good.]
Well, by their breaking of their own laws, they are certainly crooks.
Stay safe, Tor team.
It is obvious that there are many out there who would like to see the network disrupted as it undermines and in some cases directly threatens what they do (or would like to do).
The removal of DAs will not prevent Tor working per se but it will cause significant issues with maintaining the integrity of the relay list and communication of that to client instances and indeed other relays.
We would question the motivation behind such an attack though, is it just short term disruption? Or a nefarious attempt to propagate a longer term sybil-a-like attack? Or something else completely?
In any case it is clear that some consideration must be given to the DA function within the network and how to hold the census together in a more resilient manner but at the same time avoid creating exposure to sybil attacks. The mechanism used for maintaining the Hidden Service directories using a DHT is an obvious candidate but again just opens up the DA function to a different class of attack.
love
El Presidente
Roger,
is there a possible pre-emptive action that can be taken - in the open light - to render such a move futile?
For instance ask the nice people from CCC and their freedom minded supporters working at freedom minded companies to set up another three directory authorities? Which would work on a short time scale.
A suggestion for the longer term would be that the developers take some lessons from the freenet design and ask your bridges (& perhaps users along) into lending some hard disk space (1mb for example) and distribute broken up lists in an encrypted way over these channels (key served later).
And perhaps let bridges turn into DAs themselves, distribute an encrypted "fortune cookie", and when the DAs shout a special key throughout tor then only certain (random) bridges & users can turn into DAs (minimizing the chance of a hostile takeover of tor).
I suspect that a fast reaction that would take place within a few days might be difficult.
The directory authorities (DAs) almost certainly need to handle massive amounts of bandwidth, need to be on colocated hardware, and need to be security hardened. This means that establishing a new DA would take some time - and even then, I suspect (but do not know for certain) that the DA would then have to be hard coded into Tor. So, users would then have to upgrade to get the advantages of establishing a new DA.
Additionally, the people that run any new DAs need to be trusted to keep the network secure.
As far as the more technical solutions you mention, you should consider creating a proposal for a more complete idea so it can be evaluated in full. While doing so, it is helpful if you can suggest some advantages and disadvantages that your approach provides.