
TorFlow - bemmu
https://torflow.uncharted.software/
======
pierrec
Very classy visualization! Have a look at the code that determines the visual
flow of data between relays:
[https://github.com/unchartedsoftware/torflow/blob/master/pub...](https://github.com/unchartedsoftware/torflow/blob/master/public/javascripts/particles/particlesystem.js)

I think it doesn't _exactly_ reflect how paths are chosen based on relay
bandwidth scores, if we compare to the actual path selection algorithm:
[http://tor.stackexchange.com/a/114](http://tor.stackexchange.com/a/114)

I might be missing something, but it seems that relay same-family and
same-/16-subnet exclusions are ignored. This might bias the visualization to
increase the apparent traffic between popular nodes, while in reality, the
traffic should be slightly more evened out with less popular nodes. Hard to
tell if this effect makes any visible difference without analyzing the data,
though. Either way, because of the way the code is structured, it shouldn't be
too hard to fix: just simulate full paths instead of single connections
between nodes.

~~~
chris-dickson
Thanks for this! I opened an issue for it.

[https://github.com/unchartedsoftware/torflow/issues/4](https://github.com/unchartedsoftware/torflow/issues/4)

------
khgvljhkb
Clear proof TOR is used by the evil one, and that cryptography should be
banned: [http://i.imgur.com/NXT0OOJ.png](http://i.imgur.com/NXT0OOJ.png)

~~~
comboy
Brightest spots in capitals are probably caused by IP geolocation. Whois for
many IPs returns main ISP HQ address which usually is based in the capital
city. Also, geolocation tools will return capital city if no specific
information other than country is available.

I think they could improve their ip2address tool, because I would expect some
bright spot at hetzner datacenter and it's not there (while whois for IPs of
my servers there returns proper location of the datacenter).

Nevertheless, awesome visualization.

~~~
unicornporn
It's a pentagram, don't you see?

~~~
xupybd
Still can't see it. This feels like one of those magic eyes where I'm the only
one that can't see it....

------
stryk
No idea how good the data is, I assume it's good, but in my mind this is
impressive just on the visual representation of it alone. What a fantastically
beautiful display of information, the UI is great all around!

~~~
a3n
One suggestion for the UI: when you click a + on an option, the minus should
be at the bottom of the expanded option, so that you don't have to move the
mouse to close the expansion.

------
mih
A disproportionate amount of traffic seems to be passing through Monrovia,
Liberia compared to the rest of the African continent and even more developed
places like Australia. Can anybody shed some light on this?

~~~
msvan
IPredator is a Swedish VPN service that appeared when the "Ipred" law was
passed in Sweden, a law that was passed to allow rights holders to find and
prosecute people who torrent stuff. So most likely, it's used for piracy.

~~~
niij
Although the people running the relay may be associated with piracy, that
doesn't mean this exit node is any different than any other Tor exit node.
Traffic on the Tor network doesn't distinguish by "pirated" content or not.
They're simply a company with privacy conscious employees who are probably
using their high-bandwidth relay as a form of advertisement.

------
rapht
Does anyone find it surprising that Europe seems to have comparatively more
nodes/traffic flow than the US?

~~~
dylz
There are a huge number of peered ISPs that offer cheap servers.

OVH and Free Telecom probably host a huge amount of Tor traffic in FR. Easily
do 300 Mbps 24x7 for sub-$15/m dedicated server.

OVH also has subsidiaries in other EU countries that will geolocate back to
those countries (hosted in FR physically).

~~~
niij
Do you have a link for the service that could do 300mbps for this price? I'd
like to set up a server if that's the case.

~~~
dylz
free.fr -
[https://www.scaleway.com/pricing/](https://www.scaleway.com/pricing/) (these
are hardware, not VMs)

ovh -
[https://www.kimsufi.com/us/en/index.xml](https://www.kimsufi.com/us/en/index.xml)

~~~
niij
200mbps UNMETERED. That is awesome. Does anyone have experience running a Tor
node on free.fr?

~~~
bathory
There is also online.net[1] who are relatively cheap.

[1] [https://www.online.net/en/dedicated-server/dedibox-scg2](https://www.online.net/en/dedicated-server/dedibox-scg2)

~~~
dylz
I use online heavily, forgot about that.

Here's a link to bookmark;
[https://console.online.net/en/order/server_limited](https://console.online.net/en/order/server_limited)

Occasionally there will be deals like 2xSSD HWraid 8-16 core 32GB/64GB ram for
<$50/m there (if it's blank there are no promos).

------
cmnzs
And the source:
[https://github.com/unchartedsoftware/torflow](https://github.com/unchartedsoftware/torflow)

------
aphrax
there's an interesting link in London between two points.
[http://imgur.com/LmvpcxL](http://imgur.com/LmvpcxL)

~~~
sklivvz1971
the two points being Westminster and the City...

------
yk
What's the nexus in Germany north of Frankfurt? (My guess is, that it is
Hetzner, but can anybody comment?)

~~~
luchs
I don't think there's a data center there, it's probably just where all nodes
in Germany end up which don't have more accurate geolocation.

------
niij
Here's the summary: IP Geolocation is _at best_ inaccurate.

~~~
aw3c2
Addendum: Not actual traffic flows but simulated with an undescribed model.

------
detaro
How was this data collected? Doesn't this require all the relay operators
sharing their connection data?

~~~
niij
No, this information is publicly available when your Node joins the Tor
network. All nodes (except for a limited set of entry-nodes) are publicly
listed as being a part of the Tor network. Their IP addresses are used to
approximate their location based on where the IP address is registered.

~~~
chkuendig
but how is the flow of traffic between the nodes measured?

~~~
pierrec
Because the nodes in a path are determined randomly, with weighting based on
publicly available scores, you can simply estimate the amount of traffic
between any two given nodes. Here's a summary of how routes are chosen:

[http://tor.stackexchange.com/a/114](http://tor.stackexchange.com/a/114)

And here's the code that does the traffic estimation based on node bandwidth
scores (edit: hmm, seems that code might be slightly inaccurate, added a top
level comment to point this out...):

[https://github.com/unchartedsoftware/torflow/blob/master/pub...](https://github.com/unchartedsoftware/torflow/blob/master/public/javascripts/particles/particlesystem.js)
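
Added example (not part of pierrec's comments and not TorFlow's code): an exact comparison, on a constructed five-relay network, of link traffic shares when hops are picked by bandwidth weight alone versus with the same-family and same-/16 exclusions raised in the top-level comment and the bandwidth-based estimate described here. It assumes hops are chosen in path order and ignores Tor's position-specific weights and flags; all relay names, addresses and weights are made up.

```javascript
// Constructed sample relays (not real consensus data); bw = bandwidth weight.
const RELAYS = [
  { name: 'A', ip: '10.1.0.5', bw: 50, family: 'f1' },
  { name: 'B', ip: '10.1.9.7', bw: 30, family: 'f1' }, // same /16 and family as A
  { name: 'C', ip: '10.2.0.1', bw: 10, family: null },
  { name: 'D', ip: '10.3.0.1', bw: 5, family: null },
  { name: 'E', ip: '10.4.0.1', bw: 5, family: null },
];

const slash16 = (ip) => ip.split('.').slice(0, 2).join('.');

// Two relays conflict if they are the same relay, share a /16, or share a family.
function conflicts(a, b) {
  return a === b || slash16(a.ip) === slash16(b.ip) ||
    (a.family !== null && a.family === b.family);
}

// Exact share of traffic on each relay-to-relay link, enumerating every 3-hop
// path. Each hop is drawn bandwidth-weighted from the relays that `allowed`
// accepts against all hops already chosen.
function linkShares(relays, allowed) {
  const shares = new Map();
  const add = (x, y, p) => {
    const key = [x.name, y.name].sort().join('-');
    shares.set(key, (shares.get(key) || 0) + p);
  };
  const pick = (chosen) => {
    const pool = relays.filter((r) => chosen.every((c) => allowed(r, c)));
    const total = pool.reduce((s, r) => s + r.bw, 0);
    return pool.map((r) => [r, r.bw / total]);
  };
  for (const [h1, p1] of pick([])) {
    for (const [h2, p2] of pick([h1])) {
      for (const [h3, p3] of pick([h1, h2])) {
        const p = p1 * p2 * p3;
        add(h1, h2, p / 2); // a path has two links; halve so shares sum to 1
        add(h2, h3, p / 2);
      }
    }
  }
  return shares;
}

// Bandwidth weighting only (hops merely distinct) vs. with exclusions applied.
const naive = linkShares(RELAYS, (r, c) => r !== c);
const withExclusions = linkShares(RELAYS, (r, c) => !conflicts(r, c));
```

On this sample the bandwidth-only model puts a large share on the A-B link, which can never occur once the exclusions apply, and the share of the low-bandwidth D-E link rises accordingly.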

------
Thriptic
What's going on in Kansas?

~~~
chatmasta
Kansas has some big data centers in it (there's a reason Google Fiber launched
there). Lots of dedicated server and colocation providers are located in
Kansas City. In order for these providers to receive IP addresses from ARIN,
they must register with ARIN as an "autonomous system" (AS). One of the items
on the form they must complete is the geolocation of the IP address block they
are being assigned. That geolocation is often the location of the provider
company, not necessarily the location of the server(s) the IP(s) point to.

Server providers register as autonomous systems, and purchase IP space in
large blocks. They often have servers at multiple data centers, with VLAN
routing configured to switch packets at the ingress IP to whichever server
that IP is assigned to. When a client rents a server from a provider, the
provider assigns the client some number of IP addresses from its available
pool. Many times, the provider does not actually SWIP (officially delegate via
ARIN) these IP addresses to the client, so the registration with ARIN will not
reflect the owner of the server an IP currently points to.

tl;dr When a packet goes to an IP belonging to an AS registered with a certain
geolocation, the AS can switch that packet to wherever it wants.

~~~
awl130
sprint headquarters

~~~
martin1b
Sprint is in KC. It didn't look like KC. More like Wichita.

------
incredulousk
anyone else think it is curious that there is hardly any Tor traffic in/out of
Seattle? You would think with the high density of tech-types, and proximity to
pacific links, that there would at least be something?

------
emilburzo
If anyone else is seeing a page with just a map (and nothing moving), you
probably have WebGL disabled

------
awl130
what's happening just north of charleston, south carolina? google earth shows
what seems like a cleared foundation in the middle of undeveloped land.

Unnamed Rd, Charleston, SC 29492, USA 32.912336, -79.862333

[https://www.google.ca/maps/place/32%C2%B054'44.4%22N+79%C2%B...](https://www.google.ca/maps/place/32%C2%B054'44.4%22N+79%C2%B051'44.4%22W/@32.9123316,-79.8798429,6153m/data=!3m2!1e3!4b1!4m2!3m1!1s0x0:0x0)

------
jorgecurio
I see connections coming out of north korea....

------
drakenot
I'm surprised by how dark Australia is. I at least expected the coastal cities
to be lit up.

~~~
jandrese
I suspect this is partly due to how notoriously overpriced and
under-performing Australian internet access is.

------
pavki
I don't trust Tor because of exit nodes.

~~~
lindx
Can you elaborate?

~~~
phusion
Traffic sent over TOR is unencrypted. Use a VPN or SSH tunnel of some kind and
you've got location obscured and traffic encrypted. Boo-yah. Slow as shit
though.

~~~
throwaway7767
No, traffic sent through tor is encrypted all the way to the exit node. From
there, it's in the clear (how else would the data get to its destination on
the open internet?)

VPNs are exactly the same. They're encrypted to your provider and cleartext
from there. Except the VPN provider knows exactly who you are because they see
the IP you're connecting to, in addition to the content. A tor exit node only
sees the content, but does not know the source.

No matter how you're connecting, you need to ensure you are running encrypted
protocols (SSH, https, ...) to protect against whoever relays your traffic.
Tor, VPNs etc do not change this.

