Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:00,660 --> 00:00:08,940 Now for directory authorities and relays within the Tor network hardcoded into every Tor client is a 2 00:00:08,940 --> 00:00:18,990 list of 10 directory or authorities or DA's these days are distributed around the world and are in charge 3 00:00:19,050 --> 00:00:27,350 of distributing an ever changing master list of all known toll relays and their capabilities. 4 00:00:27,480 --> 00:00:30,940 This list is called the consensus. 5 00:00:31,110 --> 00:00:35,290 And that's what you see here in front of you. 6 00:00:35,370 --> 00:00:39,000 This is the consensus. 7 00:00:39,000 --> 00:00:44,040 Now I know you won't be able to see this but if you go to this link this is an info graphic if you want 8 00:00:44,040 --> 00:00:49,770 to have a full breakdown of the consensus and want to know a little bit more about it. 9 00:00:49,770 --> 00:00:58,410 By Jordan right the DA's play a very important role as they are the gatekeepers that choose what relays 10 00:00:58,410 --> 00:01:02,600 are valid and when by default. 11 00:01:02,640 --> 00:01:10,500 As you know Tor bouncer's connections through three relays this circuit is chosen at random based on 12 00:01:10,500 --> 00:01:17,280 the bandwidth that is available in each country although you can manually configure the choice of relays 13 00:01:17,730 --> 00:01:18,780 if you wish. 14 00:01:18,780 --> 00:01:25,490 This is not recommended though trust is distributed and there is no central ownership because it is 15 00:01:25,490 --> 00:01:27,220 an open network. 16 00:01:27,240 --> 00:01:34,700 Anyone including your adversary can run these relays although there is a vetting process. 17 00:01:34,770 --> 00:01:43,110 But because of the onion routing they cannot see the full circuit even if they own a relay. 18 00:01:43,110 --> 00:01:49,050 If they own three relays they would be able to see the full circuit but they wouldn't necessarily know 19 00:01:49,050 --> 00:01:54,690 that it was you going in and you going out unless they performed a correlation attack. 20 00:01:54,690 --> 00:01:56,280 We will discuss that shortly. 21 00:01:56,280 --> 00:01:58,910 Each relay has a specific role. 22 00:01:59,070 --> 00:02:02,480 You can see here by the way this is a relay this is a relay. 23 00:02:02,490 --> 00:02:04,490 This is a relay on the diagram. 24 00:02:04,740 --> 00:02:10,870 The entry or guard relay is the entry point to the Tor network. 25 00:02:10,950 --> 00:02:15,220 Relays are selected to serve as guard relays. 26 00:02:15,390 --> 00:02:23,430 After being around for a while as well as having shown to be stable and having high bandwidth the middle 27 00:02:23,430 --> 00:02:29,750 relay is used to transport traffic from the guard relay to the exit relay. 28 00:02:29,760 --> 00:02:38,160 This prevents the guard and exit relay from knowing each other the exit relay is the exit point at the 29 00:02:38,220 --> 00:02:40,360 edge of the Tor network. 30 00:02:40,380 --> 00:02:47,870 These relays send traffic to the final destination intended by the client the exit relay can see the 31 00:02:47,880 --> 00:02:54,630 data sent by the client since they have to pass that data to the destination. 32 00:02:54,630 --> 00:03:04,710 This means that if sensitive data is passed on encrypted say over Haiti ETP FGP or the clear text protocols 33 00:03:04,950 --> 00:03:11,810 the exit relays can sniff the traffic they can inject into the traffic malicious code. 34 00:03:11,880 --> 00:03:16,110 As I have already mentioned this is a known vulnerability. 35 00:03:16,110 --> 00:03:24,670 It is not part of the tool designed to protect against you personally can volunteer to run a toll relay 36 00:03:24,680 --> 00:03:24,870 . 37 00:03:24,990 --> 00:03:33,420 If you have your own server or VPS a sensible question to ask might be do you get more anonymity if 38 00:03:33,420 --> 00:03:35,390 you run your own relay. 39 00:03:35,490 --> 00:03:41,760 Because lots of traffic would go through your relay so surely this would make it harder for an adversary 40 00:03:41,760 --> 00:03:45,840 to know what traffic belong to you and what traffic belongs to someone else. 41 00:03:45,900 --> 00:03:53,220 Well the answer depends on the type of attacks you're expecting which we will cover in its own section 42 00:03:53,220 --> 00:03:55,800 until we assess the various attacks. 43 00:03:55,800 --> 00:04:02,850 Let me read what the Tor Project has to say on ruining your own relay and whether this makes you more 44 00:04:02,880 --> 00:04:07,680 anonymous and attacker who owns a small number of tall relays. 45 00:04:07,680 --> 00:04:14,310 He will see a connection from you but he won't be able to know whether the connection originated at 46 00:04:14,310 --> 00:04:18,590 your computer or was relayed from somebody else. 47 00:04:18,600 --> 00:04:25,350 There are some cases where it doesn't seem to help if an attacker can watch all of your incoming and 48 00:04:25,380 --> 00:04:26,570 outgoing traffic. 49 00:04:26,610 --> 00:04:34,180 Then it's easy for him to learn which connections were relayed and which started you in this case. 50 00:04:34,230 --> 00:04:39,060 He still doesn't know your destination unless he is watching them too. 51 00:04:39,150 --> 00:04:43,920 But you are no better off than if you were an ordinary client. 52 00:04:43,920 --> 00:04:47,740 There are also some downsides to running a toll relay. 53 00:04:47,740 --> 00:04:54,360 First while we only have a few hundred relays the fact that you're running one might signal to your 54 00:04:54,420 --> 00:04:59,370 adversary that you place a high value on your anonymity. 55 00:04:59,370 --> 00:05:07,710 Second there are some more exotic attacks that are not well understood or well tested that involve making 56 00:05:07,710 --> 00:05:11,880 use of the knowledge that you are actually running a relay. 57 00:05:11,880 --> 00:05:18,960 For example an attacker may be able to observe whether you are sending traffic even if he can't actually 58 00:05:18,960 --> 00:05:25,940 watch your network by relaying traffic through your toll relay and noticing changes in traffic. 59 00:05:25,940 --> 00:05:33,930 Timing it is an open research question where the benefits outweigh the risks of running your own relay 60 00:05:33,960 --> 00:05:34,300 . 61 00:05:34,380 --> 00:05:39,840 A lot of that depends on the attacks you are most worried about the most users. 62 00:05:39,840 --> 00:05:45,150 The Tor Project thinks it is a smart move to run a relay. 63 00:05:45,150 --> 00:05:52,830 Personally I'm not really sure either but what I do know is it's always good to be on interesting and 64 00:05:52,830 --> 00:05:58,650 running a relay is definitely interesting to an adversary and I would never recommend doing it from 65 00:05:58,650 --> 00:06:00,380 your home either. 66 00:06:00,420 --> 00:06:08,160 A tip you are less likely to get complaints from your provider if you run a guard or middle relay as 67 00:06:08,250 --> 00:06:16,410 all they would see would be encrypted traffic running an exit node is a risky business as you have no 68 00:06:16,410 --> 00:06:24,450 control over what traffic goes through it and out of it on encrypted onto where you may get served with 69 00:06:24,450 --> 00:06:31,310 a copyright violation notice sued or even get a knock at the door and arrested. 70 00:06:31,350 --> 00:06:35,190 It does happen if you are thinking about setting one up. 71 00:06:35,190 --> 00:06:42,650 Check out this for configuring a toll relay on Debian and or a boon too if you are going to room one 72 00:06:42,830 --> 00:06:43,080 . 73 00:06:43,110 --> 00:06:50,730 The best thing to do is be very open about it so you can justify the traffic as not being your own. 74 00:06:50,730 --> 00:06:53,660 And the Tor Project helps a lot with this. 75 00:06:53,700 --> 00:06:55,430 So if you are going to run one. 76 00:06:55,440 --> 00:06:56,490 Check this out. 77 00:06:56,490 --> 00:07:00,670 Understand the legal side of being a relay operator. 78 00:07:00,780 --> 00:07:07,730 The Tor Project should provide guidance on any legal issues but it is of course your own risk. 79 00:07:07,770 --> 00:07:11,350 But it is good if you can support the Tor Project. 8951