Mass netflow data collection with > 90% of traffic visibility

Hi,

a bit dated, but I thought these two might be interesting to some of you:

While netflow data collection is not news per se, the coverage of this product (allegedly, > 90% of the internet traffic) is indeed worrying, as is, of course, the collected data. It is basically global blanket data retention (“Vorratsdatenspeicherung”), just without all the legal constraints that would have been in place if this wasn’t a private company collecting such data.

For those interested in privacy, VPN and anonymization proxy usage won’t help, since it is subject to rather easy deanonymization by netflow data analysis. I have not seen assessments regarding Tor, but would guess that things look better here, since Tor is built with such an adversary in mind.

On that note, this FAQ entry at Tor struck me as interesting:

Do I get better anonymity if I run a relay?

Yes, you do get better anonymity against some attacks.

The simplest example is an attacker who owns a small number of Tor relays. They will see a connection from you, but they won’t be able to know whether the connection originated at your computer or was relayed from somebody else.

There are some cases where it doesn’t seem to help: if an attacker can watch all of your incoming and outgoing traffic, then it’s easy for them to learn which connections were relayed and which started at you. (In this case they still don’t know your destinations unless they are watching them too, but you’re no better off than if you were an ordinary client.)

There are also some downsides to running a Tor relay. First, while we only have a few hundred relays, the fact that you’re running one might signal to an attacker that you place a high value on your anonymity. Second, there are some more esoteric attacks that are not as well-understood or well-tested that involve making use of the knowledge that you’re running a relay – for example, an attacker may be able to “observe” whether you’re sending traffic even if they can’t actually watch your network, by relaying traffic through your Tor relay and noticing changes in traffic timing.

It is an open research question whether the benefits outweigh the risks. A lot of that depends on the attacks you are most worried about. For most users, we think it’s a smart move.

My conclusion would be that running (non-exit) Tor relays at home can’t really hurt (IPFire has an add-on for this), especially not if there are Tor users behind it. After all, what’s more unobtrusive than a Tor relay establishing connections to other Tor relays? 🙂

Thanks, and best regards,
Peter Müller


This is terrifying and people in the west do not care. Yet.

Hi,

at least in the US (of all places, given the country’s history on privacy), there seems to be some awareness regarding the general issue of government agencies buying data from private companies they could not have legally collected on their own:

From an internet user’s perspective, it’s a terrible situation indeed: even if their ISP is not sharing netflow data itself, as soon as any uplink/carrier/internet exchange point traversed in a network connection does, the data is collected. This truly calls for regulation, provided that people actually care about it…

Thanks, and best regards,
Peter Müller

I hope that technical countermeasures will be developed, because regulations will never work. Retrospectively, not implementing encryption from day one was a mistake. I know, hindsight is 20/20.
