Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated:
1
00:00:00,660 --> 00:00:08,940
Now for directory authorities and relays within the Tor network hardcoded into every Tor client is a
2
00:00:08,940 --> 00:00:18,990
list of 10 directory or authorities or DA's these days are distributed around the world and are in charge
3
00:00:19,050 --> 00:00:27,350
of distributing an ever changing master list of all known toll relays and their capabilities.
4
00:00:27,480 --> 00:00:30,940
This list is called the consensus.
5
00:00:31,110 --> 00:00:35,290
And that's what you see here in front of you.
6
00:00:35,370 --> 00:00:39,000
This is the consensus.
7
00:00:39,000 --> 00:00:44,040
Now I know you won't be able to see this but if you go to this link this is an info graphic if you want
8
00:00:44,040 --> 00:00:49,770
to have a full breakdown of the consensus and want to know a little bit more about it.
9
00:00:49,770 --> 00:00:58,410
By Jordan right the DA's play a very important role as they are the gatekeepers that choose what relays
10
00:00:58,410 --> 00:01:02,600
are valid and when by default.
11
00:01:02,640 --> 00:01:10,500
As you know Tor bouncer's connections through three relays this circuit is chosen at random based on
12
00:01:10,500 --> 00:01:17,280
the bandwidth that is available in each country although you can manually configure the choice of relays
13
00:01:17,730 --> 00:01:18,780
if you wish.
14
00:01:18,780 --> 00:01:25,490
This is not recommended though trust is distributed and there is no central ownership because it is
15
00:01:25,490 --> 00:01:27,220
an open network.
16
00:01:27,240 --> 00:01:34,700
Anyone including your adversary can run these relays although there is a vetting process.
17
00:01:34,770 --> 00:01:43,110
But because of the onion routing they cannot see the full circuit even if they own a relay.
18
00:01:43,110 --> 00:01:49,050
If they own three relays they would be able to see the full circuit but they wouldn't necessarily know
19
00:01:49,050 --> 00:01:54,690
that it was you going in and you going out unless they performed a correlation attack.
20
00:01:54,690 --> 00:01:56,280
We will discuss that shortly.
21
00:01:56,280 --> 00:01:58,910
Each relay has a specific role.
22
00:01:59,070 --> 00:02:02,480
You can see here by the way this is a relay this is a relay.
23
00:02:02,490 --> 00:02:04,490
This is a relay on the diagram.
24
00:02:04,740 --> 00:02:10,870
The entry or guard relay is the entry point to the Tor network.
25
00:02:10,950 --> 00:02:15,220
Relays are selected to serve as guard relays.
26
00:02:15,390 --> 00:02:23,430
After being around for a while as well as having shown to be stable and having high bandwidth the middle
27
00:02:23,430 --> 00:02:29,750
relay is used to transport traffic from the guard relay to the exit relay.
28
00:02:29,760 --> 00:02:38,160
This prevents the guard and exit relay from knowing each other the exit relay is the exit point at the
29
00:02:38,220 --> 00:02:40,360
edge of the Tor network.
30
00:02:40,380 --> 00:02:47,870
These relays send traffic to the final destination intended by the client the exit relay can see the
31
00:02:47,880 --> 00:02:54,630
data sent by the client since they have to pass that data to the destination.
32
00:02:54,630 --> 00:03:04,710
This means that if sensitive data is passed on encrypted say over Haiti ETP FGP or the clear text protocols
33
00:03:04,950 --> 00:03:11,810
the exit relays can sniff the traffic they can inject into the traffic malicious code.
34
00:03:11,880 --> 00:03:16,110
As I have already mentioned this is a known vulnerability.
35
00:03:16,110 --> 00:03:24,670
It is not part of the tool designed to protect against you personally can volunteer to run a toll relay
36
00:03:24,680 --> 00:03:24,870
.
37
00:03:24,990 --> 00:03:33,420
If you have your own server or VPS a sensible question to ask might be do you get more anonymity if
38
00:03:33,420 --> 00:03:35,390
you run your own relay.
39
00:03:35,490 --> 00:03:41,760
Because lots of traffic would go through your relay so surely this would make it harder for an adversary
40
00:03:41,760 --> 00:03:45,840
to know what traffic belong to you and what traffic belongs to someone else.
41
00:03:45,900 --> 00:03:53,220
Well the answer depends on the type of attacks you're expecting which we will cover in its own section
42
00:03:53,220 --> 00:03:55,800
until we assess the various attacks.
43
00:03:55,800 --> 00:04:02,850
Let me read what the Tor Project has to say on ruining your own relay and whether this makes you more
44
00:04:02,880 --> 00:04:07,680
anonymous and attacker who owns a small number of tall relays.
45
00:04:07,680 --> 00:04:14,310
He will see a connection from you but he won't be able to know whether the connection originated at
46
00:04:14,310 --> 00:04:18,590
your computer or was relayed from somebody else.
47
00:04:18,600 --> 00:04:25,350
There are some cases where it doesn't seem to help if an attacker can watch all of your incoming and
48
00:04:25,380 --> 00:04:26,570
outgoing traffic.
49
00:04:26,610 --> 00:04:34,180
Then it's easy for him to learn which connections were relayed and which started you in this case.
50
00:04:34,230 --> 00:04:39,060
He still doesn't know your destination unless he is watching them too.
51
00:04:39,150 --> 00:04:43,920
But you are no better off than if you were an ordinary client.
52
00:04:43,920 --> 00:04:47,740
There are also some downsides to running a toll relay.
53
00:04:47,740 --> 00:04:54,360
First while we only have a few hundred relays the fact that you're running one might signal to your
54
00:04:54,420 --> 00:04:59,370
adversary that you place a high value on your anonymity.
55
00:04:59,370 --> 00:05:07,710
Second there are some more exotic attacks that are not well understood or well tested that involve making
56
00:05:07,710 --> 00:05:11,880
use of the knowledge that you are actually running a relay.
57
00:05:11,880 --> 00:05:18,960
For example an attacker may be able to observe whether you are sending traffic even if he can't actually
58
00:05:18,960 --> 00:05:25,940
watch your network by relaying traffic through your toll relay and noticing changes in traffic.
59
00:05:25,940 --> 00:05:33,930
Timing it is an open research question where the benefits outweigh the risks of running your own relay
60
00:05:33,960 --> 00:05:34,300
.
61
00:05:34,380 --> 00:05:39,840
A lot of that depends on the attacks you are most worried about the most users.
62
00:05:39,840 --> 00:05:45,150
The Tor Project thinks it is a smart move to run a relay.
63
00:05:45,150 --> 00:05:52,830
Personally I'm not really sure either but what I do know is it's always good to be on interesting and
64
00:05:52,830 --> 00:05:58,650
running a relay is definitely interesting to an adversary and I would never recommend doing it from
65
00:05:58,650 --> 00:06:00,380
your home either.
66
00:06:00,420 --> 00:06:08,160
A tip you are less likely to get complaints from your provider if you run a guard or middle relay as
67
00:06:08,250 --> 00:06:16,410
all they would see would be encrypted traffic running an exit node is a risky business as you have no
68
00:06:16,410 --> 00:06:24,450
control over what traffic goes through it and out of it on encrypted onto where you may get served with
69
00:06:24,450 --> 00:06:31,310
a copyright violation notice sued or even get a knock at the door and arrested.
70
00:06:31,350 --> 00:06:35,190
It does happen if you are thinking about setting one up.
71
00:06:35,190 --> 00:06:42,650
Check out this for configuring a toll relay on Debian and or a boon too if you are going to room one
72
00:06:42,830 --> 00:06:43,080
.
73
00:06:43,110 --> 00:06:50,730
The best thing to do is be very open about it so you can justify the traffic as not being your own.
74
00:06:50,730 --> 00:06:53,660
And the Tor Project helps a lot with this.
75
00:06:53,700 --> 00:06:55,430
So if you are going to run one.
76
00:06:55,440 --> 00:06:56,490
Check this out.
77
00:06:56,490 --> 00:07:00,670
Understand the legal side of being a relay operator.
78
00:07:00,780 --> 00:07:07,730
The Tor Project should provide guidance on any legal issues but it is of course your own risk.
79
00:07:07,770 --> 00:07:11,350
But it is good if you can support the Tor Project.
8951
Can't find what you're looking for?
Get subtitles in any language from opensubtitles.com, and translate them here.