Anonimity, are there enough peers? #3067
Comments
|
I can answer a part of your questions. A few weeks ago I performed a measurement on the Tribler network health and found that we still have (at least) thousands of peers around the globe. This provides sufficient protection within the limits of the TOR protocol. However, as you mentioned, a downside of the TOR protocol is that it is vulnerable to correlation attacks. This is something we can partially solve by providing full end-to-end encryption using a hidden services set-up. But this requires that both peers are part of the Tribler network (which would be great, but is unlikely). Long story short: our implementation can protect you from individuals and ordinary companies trying to monitor you, but not from parties who control the entire network (governments, intelligence agencies, etc.) |
|
@qstokkink but I guess not all of those thousands of peers are exit nodes (for torrents not on the tribler network) and just run as 'entry guards'? As by default the allow exit node option is unticked in the settings. Or do I misunderstand how it works? |
|
@pimlie correct, most of these will be relays. I don't actually have a recent measurement specifically for exit nodes, but I'm guessing its in the range of a few dozen (don't quote me on this). |
|
@qstokkink arent the exit nodes a 'weak' link in the tribler network with regards to anonimity? Again, maybe I dont understand fully how it works, but if you host an exit node you can easily monitor/log all incoming/outgoing traffic. As the outgoing traffic is just normal p2p, I would guess you could easily correlate incoming tribler traffic with outgoing p2p traffic by e.g. selectively permitting the incoming tribler traffic? |
|
@pimlie Thankfully it's not quite that easy. You would need to (D)DOS a suspected source of the data and see if it affects your outgoing data as an exit node (even then you are not 100% sure, as you might be relaying someone else's data) So you would need multiple measurements to affirm that someone is indeed the source of the data going through your exit node, as we don't send your naked peer info to other clients (it is anonymized). To combat this sampling we periodically throw away circuits and load balance over multiple circuits at once. In short, to actually perform such an attack you (a) already need a suspect beforehand which just so happens to use your exit node, (b) perform multiple measurements and (c) do them fast before the circuit drops. So yes, if you are big and powerful enough you may be able to pull this off (but it is still unlikely). |
|
@qstokkink ah ok, I guess the exit node is not one of the hop's? So if you choose 1 hop its: you -> hop 1 -> exit node -> non-tribler clients? If so, how does a hop know where to find an exit node? |
|
@pimlie That would actually be two hops. One hop means you directly communicate with an exit node (in Tribler). The exit node cannot see the difference between you being the 2nd hop in the circuit or the originator however (or the 5th hop for that matter). The way the circuit is extended is called telescoping. This uses the dht of the next node in the circuit to discover relay/exit candidates in the overlay network to set up the next hop after this node in the circuit. If you want to know more about the telescoping system you can reference the original Tor paper by R. Dingledine. |
|
@qstokkink that was indeed an issue I was thinking about when using only 1 hop. Although I understand (and mostly agree) why it will be hard for persons and/or companies to track what you do, I think it would be interesting to have a bit more insight in who owns the Tribler exit nodes (something like http://torstatus.blutmagie.de/ would be nice). The main reason for this is what I slightly mentioned above, from a legal point of view the owner of an ip address is responsible for all traffic originating from it. A private organisation that has been given legal investigative powers and wants to catch (or at least scare away) downloaders of certain torrents through Tribler could just setup a butt load of exit nodes (cheap amazon instances) and start 'threatening' all the owners of the first-level nodes they see. From a legal point of view they dont (have to) care about whether the download really originated from that peer as that peer is as much as responsible as the originating. So as mentioned above, it could probably be interesting to know if there is a sudden increase in exit nodes and whether they can be trusted or not. The same 'legal attack' could actually also apply to the Tribler network itself if such an organisation would host their own channel with copyright protected content (at least in countries where incitement is not illegal). But probably a bit less realistic. Btw, thanks for taking the time to answer my questions. Just trying to get a better understanding of how everything works 👍 |
|
@pimlie We did actually have something like this in the past, but after the server went down a few times we stopped reviving it, see #1567. The code is still there though, so we should be able to get it operational again somewhat quickly. Also, I think we should be extremely careful about publishing a list of exit nodes. This can quickly turn into a hit list for honest exit nodes. Basically pushining the good guys. But I see your point. Finally, I don't mind answering questions. I think its a good idea for people to critically reflect on the software they use, especially when it concerns their privacy. A conversation like this one is also a great way to share information with the people that did not dare to ask these questions themselves . |
|
@qstokkink have you done any (preemptive) legal research in the implication of running a tribler peer and/or an exit node? Besides copyrighted content Tribler could be used for a lot more sharing of potentially legally contested materials. Could maybe be an interesting research subject for a law student? |
|
We now have a live overview of the currently online peers: http://statistics.tribler.org/ . |
|
good stuff! Please add a intro to clarify, like: this is a network crawl. As a peer-to-peer network you need to know who else is running Tribler. We hide what you do and where you are by adding Tor-like tunnels on top of this basic overlay network. We are experimenting with stronger protection, stealth capability https://thehackernews.com/2015/02/android-encryption-tool.html this will take years to become ready. |
|
@synctext updated :) |
|
|
@synctext The way these statistics are generated is by looking at the communities advertised by a peer through the Discovery community. This has a hard cap of 20 communities. This means that users with +- 15 stars will randomly not advertise themselves as being part of the AllChannel community. |
In the past it has been mentioned (eg #1816) that one of the reason the anonymity of tribler is unavailable or slow is because there are not enough peers and the university would provide more peers to boost the network. So how many peers are there, are there enough to stay relatively anonymous?
E.g. how vulnerable is the anonymity in tribler to eg law firms setting up a lot of peers / exit nodes themselves? Afaik for the TOR network this is often regarded as one possible way to try to determine what is sent through the network. Some even believe a lot or TOR exit nodes are or have been provided by state agencies just to do this. E.g. is there any monitoring in place for a sudden surge of exit nodes and is it possible to block certain exit nodes from the tribler network?
Also now that downloading is illegal in the Netherlands and the burden of proof is reversed (as in the 'owner' of the exit node's ip address is guilty unless you can proof it was not you), how long will the university be providing peers for the tribler network?
The text was updated successfully, but these errors were encountered: