[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tor-talk] New Astoria Tor client is said to be better than plain Tor



I would like to stress that most of the news articles I've come across have
some incorrect claims. It is sad that none of them got in touch with us
before publishing their stories. Please read the paper [1] if you'd like to
know what Astoria actually tries to do.

We'd rather have informed positive or negative feedback from interested
people, than uninformed approval or dismissal of our work. In the end, our
goal is to build something useful for the Tor community.

[1]  http://arxiv.org/pdf/1505.05173.pdf

On Sat, May 23, 2015 at 8:10 PM, Rishab Nithyanand <rishabn.uci@gmail.com>
wrote:

>
> On Fri, May 22, 2015 at 9:40 PM, Yuri <yuri@rawbw.com> wrote:
>
>> On 05/22/2015 14:26, Rishab Nithyanand wrote:
>>
>>> Our evaluation shows that it does quite well to avoid asymmetric
>>> correlation attacks, but the performance is a bit off from Tor (metric:
>>> page load times for Alexa Top 100 from 10 countries).
>>>
>>
>> But such attacks exploit bursts of traffic with higher-than-average
>> byterate, or frequent changes of the traffic intensity. Would an option
>> limiting bandwidth of the tor connection also make it more secure in the
>> similar way?
>>
>>
> Potentially. The way I see it, there are two approaches one might take to
> avoid the problem of correlation attacks.
>
> (1) Build circuits that avoid the possibility of ASes that may perform
> correlation.
>
> (2) Control traffic flows from exits to destinations so that even though
> attempts of correlation are possible, they are hard/impossible to perform
> with any reasonable accuracy.
>
> We took the former approach. This is not to say that the latter is not
> possible.
>
>
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk