
Messages - astor

286
Security / Re: HOWTO: Run a relay and help the Tor network
« on: August 17, 2013, 05:33 am »
Nice! Hopefully we can get lots of new relays on the network. :)

287
Also noise can be filtered even by me since they have watched two movies now. Maybe there are some other not SR people downloading the movie today as well, but how many of them downloaded movie 1 on the first day and movie 2 on the second day? If I monitor the torrent swarms I can gather two crowds now and an intersection attack will reveal the people unique to both, who are almost certainly SR members. At this point I can wait to see if anybody comments on it and then if they are vendors I can try to correlate their shipping location with an IP address.

The churn is so high in this community that if that thread wasn't deleted, you'd see that almost none of the people who commented in it are around anymore. To prove my point, find any random thread from November 2012 and look at the posters.

This is assuming most people leave and don't just reinvent themselves with new accounts every few months.

288
Same debate broke out about the V for Vendetta night last year. I just looked at TPB and there are about 250 seeders + leechers, so yeah that is a pretty small swarm if a few hundred Silk Roaders start downloading the movie. Ideally you would have done it already or you have a really trusted VPN.

289
Silk Road discussion / Re: Forbes interviews Dread Pirate Roberts
« on: August 16, 2013, 06:12 pm »
"Die asholes".

Yes, that's what we're up against.

290
I just figured out Kgpg actually does run, but it hides/minimizes to the tray after start. Fucking KDE desktop. I think I'll add a "replace KDE with Xfce" step to the guide.

Son of a bitch, was that it? Yeah, I don't like KDE either. It's the main reason I use my own Workstations in Whonix.

Quote
The tutorial has been updated. There is now a way to decrypt PGP messages with GPG4USB... See step 8.2. for more information about how to install GPG4USB.

That should be useful for many people. A largish percentage of this community uses GPG4USB, to the point that they run it in Tails, which already comes with a GUI PGP program (by way of the Gedit text encryption plugin). They're just used to GPG4USB.

291
Security / Re: HOWTO: Run a relay and help the Tor network
« on: August 16, 2013, 04:42 pm »
Yes, we know, but maybe include it in the tutorial during normal setup so it is always set up ;)

I'm really hoping there are more public relays. :)

Bridges are used by a small number of Tor users (30,000 out of 500,000 daily users, so about 6%). They don't carry any other traffic for the network. They help the diversity of entry points for that small percentage of users, but the network could use diversity at all positions (entry, middle, exit) and for all users.

292
Security / Re: Let's talk about security
« on: August 16, 2013, 02:51 pm »
Doesn't matter where the relays are if you are in US your traffic always enters through networks the NSA monitors.

If the hidden service you are visiting resides outside of the NSA - Euro surveillance zone, then the more of the Tor network that resides outside of it, the more likely the hidden service is to pick entry guards that are outside of it (assuming the operator takes no steps to select entry points outside of it). In that case, they can only watch one end of the connection, and fingerprinting a triple encrypted circuit (or more if you use a VPN or SSH tunneling) is all they have. I expect to see the other network layer attacks successfully deployed in the wild before I see that one.

293
Security / Re: Let's talk about security
« on: August 16, 2013, 01:37 pm »
The application layer attack that we witnessed is much worse than any network layer attack that we know about. All of the network layer attacks against hidden service users are statistical attacks that identify a random sample of users (although one could argue it's not completely random if technically savvy people mitigate it while less savvy people don't). If LE hacked the SR server and distributed a similar exploit, they could correlate IP addresses with specific users, because they would serve cookies to people who are logged into their accounts. So they wouldn't have to waste time investigating OzFreelancer or somebody who has never made a purchase. They could directly correlate IP addresses to the top vendors. That's why it's much more dangerous, and top vendors absolutely must protect themselves with more secure setups than TBB on Windows.


294
Security / Re: Let's talk about security
« on: August 16, 2013, 01:22 pm »
This is the logic the Tor developers went with when they decided to leave javascript enabled. Oh, new users won't know to turn javascript on if they need it and so much of the internet needs javascript and there are other ways to be attacked anyway. So they left javascript on to cater to the noobs, and the noobs got fucked by it since the people who know to harden their browsers turned it off manually. There is a line between easy to use and secure, and when people head too far toward easy to use they get pwnt. We should not cater our tutorials to people who do not want to be secure. If they want to be less secure than we know how to be, they can still be more secure than the average user.

Excellent point.

295
Security / Re: Let's talk about security
« on: August 16, 2013, 01:15 pm »
Quote
Sure you can. For #5, get people to run more relays (see the guide I just posted :) ). For #6, diversify the network outside of the cooperating intelligence agencies zone, which is my main suggestion in the relay guide.

Yes, adding more relays helps against #5.   They ratchet the cost of Sybil attacks up.  But to be clear, a hundred new relays doesn't change the risk all that much.    A hundred thousand new relays does.   

Since relay selection is weighted by bandwidth, adding a few hundred high bandwidth relays to the network to run a successful Sybil attack is also hard, especially if you don't want people to notice. When the number of relays jumped from 3500 to 3800 in a day last month, I know people who shut down their hidden services. They noticed. (That was probably a false positive, just a burst of interest in running relays.)

Quote
As an individual user, there's not much you can do about today. And the risk stays relatively static, but the cost to exploit keeps going up. I think that last paper where they leveraged the bandwidth calculation on stacked Tor nodes was operating in the $500-1000 range for hosting, if I remember right.

The paper from a few months ago presented an attack on hidden services, which cost $11,000 and took 8 months to achieve a 90% detection rate.

It did not present an attack on Tor users, although the implications were that you could run a similar attack on the users of a hidden service if you become the hidden service's HSDir.  Instead of rotating in as one of the hidden service's entry guards, you rotate in as a user's entry guard. With a large enough user base (like SR), you are guaranteed to pwn a small random sample of the user base pretty quickly, but then what? All you know is that those people visited the web site. Journalists, curious people and even other LE agencies do that all the time. You'd be expending large amounts of resources on traditional investigations of a lot of dead leads and small time buyers who don't matter.

Also, users can mitigate the attack by increasing their entry guard rotation period. A few permanent bridges completely stop the attack.

Quote
Diversity helps #6, but I can't imagine the magic combination of routes you'd need to actually defeat it consistently. NSA should have visibility into any US links they want, and should be able to horsetrade or coerce for views of other links. If you could somehow balance the links between multiple spheres of influence (US, Russia, China, ?) you could make their jobs much harder. But again, as an everyday user of Tor and possibly hidden services, it's just a base level of risk that's present. You probably can't do enough personally to change your risk. But it's a very small, very mild risk in the grand scheme of things.

Compared to the risk of mailing drugs around the world using the postal system, or trading CP, or leaking US military secrets, #5 & #6 are negligible levels of risk.

Exactly. Every busted buyer that we know about was busted because of drugs in the mail. Every busted vendor that we know about was busted because of IRL dealing or drugs in the mail. We should keep our focus on the big threats.

We also just witnessed an application layer exploit that probably deanonymized thousands of FH users, so I consider that a big threat now.
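
Added example, not part of the original posts: a simplified model of two points made in the post above, that relay selection is weighted by bandwidth and that a longer entry guard rotation period reduces exposure to a malicious guard. The relay list, the three-guard client, the 270-day horizon, and the assumption that all guards are replaced together with independent picks are constructed for illustration.

```python
import math
import random

# Constructed relay list: (bandwidth_weight, adversary_controlled).
# Not real consensus data; 2 of 100 relays belong to the adversary.
RELAYS = [(100, False)] * 90 + [(500, False)] * 8 + [(500, True)] * 2

def adversary_fraction(relays):
    """Share of total bandwidth weight held by adversary relays."""
    total = sum(bw for bw, _ in relays)
    return sum(bw for bw, bad in relays if bad) / total

def guard_picks(n_guards, rotation_days, horizon_days):
    """Number of guard selections a client makes over the horizon."""
    return n_guards * math.ceil(horizon_days / rotation_days)

def compromise_probability(f, n_guards, rotation_days, horizon_days):
    """P(at least one adversary guard is chosen), assuming independent picks."""
    return 1.0 - (1.0 - f) ** guard_picks(n_guards, rotation_days, horizon_days)

def simulate(relays, n_guards, rotation_days, horizon_days, trials=20000, seed=1):
    """Monte Carlo check of the closed form using bandwidth-weighted sampling."""
    rng = random.Random(seed)
    weights = [bw for bw, _ in relays]
    picks = guard_picks(n_guards, rotation_days, horizon_days)
    hits = 0
    for _ in range(trials):
        chosen = rng.choices(relays, weights=weights, k=picks)
        hits += any(bad for _, bad in chosen)
    return hits / trials

if __name__ == "__main__":
    f = adversary_fraction(RELAYS)
    print(f"adversary bandwidth share: {f:.3f}")
    # A rotation period equal to the horizon models guards that never change.
    for rotation in (30, 90, 270):
        p = compromise_probability(f, 3, rotation, 270)
        s = simulate(RELAYS, 3, rotation, 270)
        print(f"rotation={rotation:>3}d  analytic={p:.3f}  simulated={s:.3f}")
```

In the constructed list the adversary runs 2% of the relays but holds 1/14 of the bandwidth weight, and the chance of ever picking one of its relays falls as the rotation period grows.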

296
Security / Re: Let's talk about security
« on: August 16, 2013, 12:51 pm »
I'm arguing on the fact that you put the Whonix Gateway in a Windows Host in the insecure field just because of Windows but it is not necessarily so and it depends on the circumstances.

#8 means the Workstation and Gateway on the same Windows host, otherwise you have physical isolation, which is better.

In any case, I removed the line saying it was insecure.

297
Security / Re: HOWTO: Run a relay and help the Tor network
« on: August 16, 2013, 12:46 pm »
The Tor Browser Bundle has a 'Setup Relaying' option that seems pretty basic and quick to set up, is it not ideal or something?

That is definitely the easiest way to run a relay. Here are some reasons it's not a good idea, though. It puts your IP address on a list of public relays. That's something you probably want to avoid, just as I suggest using an alternate email address in the contact info. Most residential internet connections are pretty slow, especially the upload speeds. There are people who run relays from home, but most of them seem to be on Verizon FiOS connections (150 mbit). You'll have to keep the browser bundle running all the time. A relay with frequent downtimes is discouraged, because Tor clients download the list of relays at different times. Many will try to connect to your relay while it is down, so that adds to the inefficiency in the network. Lastly, if you aren't in South America or Asia, it doesn't add to the diversity of the network.

298
Security / Re: Let's talk about security
« on: August 16, 2013, 09:40 am »
What I'm saying is that I understand perfectly what you intend with your tutorial but you are asking for too big a jump given the target.

I'm not really asking them to do anything. :)

I listed the available setups, explained their security advantages and disadvantages, and ranked their overall security relative to each other.

You are free to do whatever you want to do. If you have one computer and you can't get rid of Windows, then booting into Tails or running Whonix on it is certainly safer than running just the browser bundle.

299
Security / Re: HOWTO: Run a relay and help the Tor network
« on: August 16, 2013, 09:22 am »
We might include instructions to make obfs3 relay to help citizens in China and other countries and obfs relay better to conceal traffic.

That's pretty easy. Follow the steps above on setting up a relay.

Then install the obfsproxy package:

Code:
apt-get install obfsproxy

And add these lines to /etc/tor/torrc

Code:
BridgeRelay 1
ServerTransportPlugin obfs2,obfs3 exec /usr/bin/obfsproxy --managed

300
Security / Re: HOWTO: Run a relay and help the Tor network
« on: August 16, 2013, 09:15 am »
Flashproxy is a nice idea, but it's for running a bridge in your browser. The purpose is to help censored people in places like Iran. You won't push a lot of traffic through your residential connection, and only bridge users will use it in the first place, which is about 5% of Tor users. To add substantial bandwidth to the network, and especially to diversify it, we need to run relays around the world, on continents outside of North America and Europe, and ideally those relays will be pushing more than 100 GB of traffic per month.
