

Total relay bandwidth in the Tor network - Ihmahr
https://metrics.torproject.org/network.html?graph=bandwidth&start=2012-06-12&end=2013-12-11#bandwidth
For more historical perspective:
https:&#x2F;&#x2F;metrics.torproject.org&#x2F;network.html?graph=bandwidth&amp;start=2008-06-12&amp;end=2013-12-11#bandwidth
======
slashdotaccount
According to the "Full Disclosure - The Internet Dark Age" paper (1) the
N.S.A. can route a target who is using Tor into their "own" Tor network where
they control all the nodes, thus compromising the security of the target. Does
anybody knows how one can be sure that he is in the legitimate Tor network and
not a fake one?

(1) [http://cryptome.org/2013/12/Full-
Disclosure.pdf](http://cryptome.org/2013/12/Full-Disclosure.pdf)

~~~
owenmarshall
>Does anybody knows how one can be sure that he is in the legitimate Tor
network and not a fake one?

I'm a bit uncertain that document is completely credible - it makes some
claims that appear to be very wild, even given what we've seen so far.

But let's assume they're right about their Tor claim. Even if the NSA places
you on a controlled Tor network, I could still read my gmail because the NSA
would have to try to get around Google's SSL.

Some bad endpoints have been known to try and MITM SSL before, but always with
self signed certificates, so if the user messed up it was down to them.

Of course, if our endpoints are run by the NSA, and the NSA have pressured
other CAs to sign *.google.com, we can only depend on cert pinning. But it's
the NSA, so how do we know that they haven't already backdoored my browser to
change the pinned fingerprints...

But at the end of the day, the latest I'd heard from the Snowden revelations
is that Tor is a major thorn in the NSA's side, so I'm inclined to believe
that over this breathless PDF that makes all sorts of outlandish claims.

EDIT: From that PDF:

> When the DSL connection is established a covert DHCP request is sent to a
> secret military network owned by the U.S. Government D.O.D. You are then
> part of that U.S. D.O.D. military network, this happens even before you have
> been assigned your public IP address from your actual ISP.

That stretches the bounds of credulity - it assumes that a giant government-
mandated conspiracy exists between ISPs, device manufacturers, networking
developers... even with what we've seen so far it's impossible to swallow.

~~~
yuvadam
You can read your Gmail over HTTPS, but Tor hidden services generally do not
use SSL/TLS (since they _are_ the exit node for that connection).

~~~
owenmarshall
Ah, that seems sensible - because if the chain is me -> a -> b ->
badsite.onion, and the NSA owns a & b, I'm encrypting to each of those node's
keys; and in the absence of a central Torland CA, I can't trust anything but
what's visible.

So even if badsite.onion used TLS, I'd be forced to verify their certificate
offline or risk

me -> a -> b -> badsite.onion (NSA fakery) <=> torchain -> badsite.onion
(real)

Am I tracking? That's tricky.

~~~
nwh
Remember that the URL acts as the public key. If you got the URL from a
reputable source then there's no way that you could manage tot get into that
situation. Just like SSL you're assured that the destination is who you think
it is.

------
nly
There was a good overview of how the network is actively managed, and who is
providing new relays and the most bandwidth, at Defcon 21:

[https://www.youtube.com/watch?v=864FxA3jmHk](https://www.youtube.com/watch?v=864FxA3jmHk)

~~~
Ihmahr
Yes, I have been considering i2p, the 'garlic router' which seems to have
hedged against a lot of attacks that could be possible on tor.

~~~
nly
I agree, I2P is interesting. I don't know why it doesn't get more press or
support. According to the website some reps of the I2P team will be at 30C3 in
2 weeks time btw.

~~~
Ihmahr
I have a theory,

There are 7 directory authorities in Tor, if they don't function then the tor
network is dead. So that is just seven people you would need to abduct and
torture (to take over the tor network) or 7 drone strikes to kill all tor
traffic. I am unsure but I think this is not the case for i2p.

EDIT: So that might be a reason for NSA to support Tor over i2p.

------
bernatfp
I don't like how this title oversimplifies the causes of growth to be the NSA
scandal. I guess Silk Road also played an important role in this increase and
it is not mentioned.

~~~
Ihmahr
How did silk road add more bandwidth to the network? Also, SR was way before
Snowden.

~~~
ressaid1
The only way to access Silk road was through TOR

~~~
gwern
Yes, but that means SR users were using up Tor bandwidth, they weren't
necessarily supplying any.

------
john-p
loading speed is still too slow for daily use really.

~~~
dublinben
Have you done your part to improve that by contributing a relay?

