
This might be a general question about any anonymizing service, but I'm new here and curious about, but not super familiar with, Tor.

Suppose there's a service that engages in some handshake with clients that takes the form of a 'call-and-response'. (The client has to make some decision in response to content at an application level.)

They also have some data stored with the service, so they need to authenticate; later sessions can therefore be compared against this one.

It seems like the service should get a full round trip time for packets, all the way back to the source, along with a reasonable location for the exit node (they can traceroute to that point).

Latency can be impacted by so many other factors (including Tor routing), so it's definitely noisy data, but as a person visits more often, each time from a different Tor node, can't the service do a clustering analysis to get a gradually improving picture of the person's physical location?

Is there something that prevents this gradual acquisition of data?

Jon Ericson
Shape

2 Answers


There's one important fact that makes such an attack extremely difficult. A connection between a Tor client and a Tor hidden service is actually composed of two entirely separate circuits that both connect to a rendezvous point. One circuit is set up by the client, the other by the server.

Therefore, the client doesn't know which relays the data uses on the journey from the RP to the server, and it's not possible to "traceroute" anything beyond the RP. Likewise, the server has no idea how the client gets to the RP. If the server is a normal web service rather than a Tor hidden service, it still doesn't know anything about the client's path to the exit node.

That path can involve relays from all over the world. It's possible for two machines to be right next to each other but transfer data over a Tor connection with 100ms latency thanks to all the bouncing around. (The fastest possible physical speed for data transfer is about 5 milliseconds for a thousand miles, because of the speed of light.)

It is conceivably possible to get an upper bound on the distance if you get extremely lucky and all chosen relays are physically close. Still, there's going to be a lot of noise from Tor's low bandwidth, and it's shockingly unlikely that anybody lives close enough to a sufficiently large clump of Tor relays to allow such deanonymization. Also, this technique would be very vulnerable to deliberate deception.

Ben N
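To put numbers on the speed-of-light argument in the answer above, here is an added simulation (not code from the answer, the asker, or the Tor project). It assumes the 5 ms per 1,000 miles one-way floor quoted above, relays placed uniformly at random in a 3,000-mile square, exponential per-hop queuing jitter, and uses seven random relays as a crude stand-in for the two-circuit rendezvous path (client, three relays, RP, three relays, server); it shows how loose the only bound latency can ever give stays, even after many sessions.

```python
import math
import random

# One-way propagation floor quoted in the answer: ~5 ms per thousand miles (speed of light).
MS_PER_1000_MILES = 5.0


def miles(a, b):
    """Straight-line distance between two (x, y) points given in miles."""
    return math.hypot(a[0] - b[0], a[1] - b[1])


def circuit_rtt_ms(client, server, relays, rng, jitter_mean_ms=30.0):
    """Constructed model of one circuit: client -> relays -> server and back.
    Propagation is charged at the light-speed floor; every hop adds queuing jitter."""
    hops = [client, *relays, server]
    path = sum(miles(hops[i], hops[i + 1]) for i in range(len(hops) - 1))
    propagation = 2 * path * MS_PER_1000_MILES / 1000.0
    jitter = sum(rng.expovariate(1.0 / jitter_mean_ms) for _ in hops)
    return propagation + jitter


def distance_upper_bound_miles(rtts_ms):
    """The only thing latency can prove: the client is no farther than light travels
    in half the smallest RTT ever observed (the 5 ms / 1,000 miles rule above)."""
    return (min(rtts_ms) / 2.0) / MS_PER_1000_MILES * 1000.0


def simulate(n_sessions, n_relays=3, true_distance_miles=100.0, seed=1):
    """Run n_sessions, each over a fresh random circuit, and return
    (true client-server distance, best distance bound the server could derive)."""
    rng = random.Random(seed)
    client = (1500.0, 1500.0)
    server = (1500.0 + true_distance_miles, 1500.0)
    rtts = []
    for _ in range(n_sessions):
        # n_relays relays anywhere in a constructed 3,000 x 3,000 mile region
        relays = [(rng.uniform(0, 3000), rng.uniform(0, 3000)) for _ in range(n_relays)]
        rtts.append(circuit_rtt_ms(client, server, relays, rng))
    return true_distance_miles, distance_upper_bound_miles(rtts)


if __name__ == "__main__":
    for sessions in (1, 10, 100, 1000):
        true_d, bound = simulate(sessions)              # exit-style circuit: 3 relays
        _, rp_bound = simulate(sessions, n_relays=7)    # crude rendezvous path: 3 + RP + 3
        print(f"{sessions:5d} sessions: true {true_d:.0f} mi, bound {bound:.0f} mi "
              f"(hidden service: {rp_bound:.0f} mi)")
```

The bound only ever shrinks as sessions accumulate, but it cannot drop below the shortest relay path ever drawn, so a client 100 miles from the server still looks like it could be well over a thousand miles away.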

This kind of analysis is not possible, because even on the clearnet, to make ping/latency actually be in a proportional relation with your location, you also need very accurate data on the overall network load along the full path of the packet. Such data are nearly impossible to acquire on the clearnet; in any darknet it's technically impossible to get such data. So don't worry: no locating analysis just by ping/latency is possible.

Alexey Vesnin