Tor relays
127
Transparency Report February 2023
In February we converted most of the guard and middle relays to exit relays because of the severity of the attacks to guard relays. Exit relays are attacked pretty much constantly as well, but those attacks are less severe and somewhat easier to manage. We might host guard relays in the future again, when the Tor project finds more effective measures to mitigate the attacks.
As a result, the exit probability share of Nothing to hide exit relays grew by ~5% to ~15% in total.
The metrics used in this report are rounded extrapolated snapshots of the final day of the month, to not give away too much specific information.
1 Requests & orders
We received 3 official LEA requests this month but couldn’t comply with any of these requests because of the nonexistence of the requested data.
1.1 Law enforcement agencies (LEA)
| LEA | Requests | Orders |
|---|---|---|
| Police via Ministry of Internal Affairs (Bosnia and Herzegovina) | 1 | 0 |
| Cyber Crime Police Station (Republic of India) | 2 | 0 |
1.2 Legal entities
| Legal entity | Requests |
|---|---|
| n/a | 0 |
1.3 Natural persons
| Natural person | Requests |
|---|---|
| John Doe | 0 |
2 Service report
2.1 Tor relays
Bandwidth
22.5 Gb/s
Monthly traffic
7.200 TB
Because of the increase in maximum amount of Tor relays per IPv4 address we were finally able to somewhat saturate the CPU’s on the exit relay servers in February. This also means that Nothing to hide’s contribution to the Tor network won’t grow much from now on, unless we invest in new servers.
| Period | # Guard | # Exit | Bandwidth | Daily traffic | Monthly traffic |
|---|---|---|---|---|---|
| November 2022 | 18 | 0 | 5.6 Gb/s | 60 TB | 1.800 TB |
| December 2022 | 34 | 18 | 12.8 Gb/s | 138 TB | 4.150 TB |
| January 2023 | 68 | 18 | 18.5 Gb/s | 200 TB | 6.000 TB |
| February 2023 | 3 | 124 | 22.5 Gb/s | 240 TB | 7.200 TB |
Note that for these statistics both incoming and outgoing traffic are combined (just like Tor network’s metrics).
2.2 Tor DNS requests
Query response
3.150 per second
Daily queries
272 million
Monthly queries
8.2 billion
DNS requests on the Tor network are resolved by the Tor exit relays. This means that high capacity Tor exit relays can generate a lot of DNS queries. These queries are being resolved by multiple high capacity DNS resolvers.
As expected, the queries-per-second rate increased considerably because of the addition of more exit relays. Our DNS-over-TLS servers are still able to handle this load very well.
| Period | Query rate | Daily queries | Monthly queries |
|---|---|---|---|
| November 2022 | 0 | 0 | 0 |
| December 2022 | 870 | 75.000.000 | 2.300.000.000 |
| January 2023 | 2.100 | 181.000.000 | 5.400.000.000 |
| February 2023 | 3.150 | 272.000.000 | 8.200.000.000 |
Do note that we don’t log the contents of DNS queries.
2.3 Tor diversity
One of our major goals is to break the GNU/Linux monoculture currently present on the Tor network. Monocultures in nature are dangerous, as vulnerabilities are held in common across a broad spectrum. In a globally used anonymity network, monocultures can be disastrous.
We make the Tor network stronger by running all our relays on FreeBSD. Here we report on our ongoing effort to increase operating system diversity on the Tor network.
| Period | NTH Guard | BSD Guard | GNU Guard | NTH Exit | BSD Exit | GNU Exit |
|---|---|---|---|---|---|---|
| November 2022 | 0.11% | 6.1% | 93.9% | 0.0% | 0.9% | 99.1% |
| December 2022 | 0.12% | 6.2% | 93.8% | 4.46% | 6.0% | 94.0% |
| January 2023 | 1.54% | 7.5% | 92.5% | 11.4% | 16.0% | 84.0% |
| February 2023 | 0.13% | 6.0% | 94.0% | 15.0% | 19.0% | 81.0% |
In February the NTH consensus weight of exit traffic hit the milestone of 15%, which bumped the BSD consensus weight of exit traffic to almost 20%. These are some nice results, which could of course be improved even further to improve Tor’s network diversity, but for now (and with the ongoing attacks) the hardware we use is at its limit.
The increase in exit relay traffic sadly came at the expense of guard relay traffic. There is not much we can do about that for now, but we have ambitions to increase this in the future when the Tor project is able to mitigate the attacks more effectively.
2.4 DDoS attacks
February was another month where our infrastructure was targeted by numerous DDoS attacks in different shapes and sizes. This resulted in a significant reduction to our bandwidth contribution to the Tor network.
We experimented a lot with different kernel/software based firewalls such as PF and IPFW, but sadly the adverse performance impact of stateful firewalling is incredibly huge. In the coming months we have to look in to a different approach to thwart the adversaries’ efforts more effectively.