Transparency Report February 2023

In February we converted most of the guard and middle relays to exit relays because of the severity of the attacks to guard relays. Exit relays are attacked pretty much constantly as well, but those attacks are less severe and somewhat easier to manage. We might host guard relays in the future again, when the Tor project finds more effective measures to mitigate the attacks.

As a result, the exit probability share of Nothing to hide exit relays grew by ~5% to ~15% in total.

The metrics used in this report are rounded extrapolated snapshots of the final day of the month, to not give away too much specific information.

1 Requests & orders

We received 3 official LEA requests this month but couldn’t comply with any of these requests because of the nonexistence of the requested data.

1.1 Law enforcement agencies (LEA)

LEA Requests Orders
Police via Ministry of Internal Affairs (Bosnia and Herzegovina) 1 0
Cyber Crime Police Station (Republic of India) 2 0
Legal entity Requests
n/a 0

1.3 Natural persons

Natural person Requests
John Doe 0

2 Service report

2.1 Tor relays

Tor relays



22.5 Gb/s

Monthly traffic

7.200 TB

Because of the increase in maximum amount of Tor relays per IPv4 address we were finally able to somewhat saturate the CPU’s on the exit relay servers in February. This also means that Nothing to hide’s contribution to the Tor network won’t grow much from now on, unless we invest in new servers.

Period # Guard # Exit Bandwidth Daily traffic Monthly traffic
November 2022 18 0 5.6 Gb/s 60 TB 1.800 TB
December 2022 34 18 12.8 Gb/s 138 TB 4.150 TB
January 2023 68 18 18.5 Gb/s 200 TB 6.000 TB
February 2023 3 124 22.5 Gb/s 240 TB 7.200 TB

Note that for these statistics both incoming and outgoing traffic are combined (just like Tor network’s metrics).

2.2 Tor DNS requests

Query response

3.150 per second

Daily queries

272 million

Monthly queries

8.2 billion

DNS requests on the Tor network are resolved by the Tor exit relays. This means that high capacity Tor exit relays can generate a lot of DNS queries. These queries are being resolved by multiple high capacity DNS resolvers.

As expected, the queries-per-second rate increased considerably because of the addition of more exit relays. Our DNS-over-TLS servers are still able to handle this load very well.

Period Query rate Daily queries Monthly queries
November 2022 0 0 0
December 2022 870 75.000.000 2.300.000.000
January 2023 2.100 181.000.000 5.400.000.000
February 2023 3.150 272.000.000

Do note that we don’t log the contents of DNS queries.

2.3 Tor diversity

One of our major goals is to break the GNU/Linux monoculture currently present on the Tor network. Monocultures in nature are dangerous, as vulnerabilities are held in common across a broad spectrum. In a globally used anonymity network, monocultures can be disastrous.

We make the Tor network stronger by running all our relays on FreeBSD. Here we report on our ongoing effort to increase operating system diversity on the Tor network.

Period NTH Guard BSD Guard GNU Guard NTH Exit BSD Exit GNU Exit
November 2022 0.11% 6.1% 93.9% 0.0% 0.9% 99.1%
December 2022 0.12% 6.2% 93.8% 4.46% 6.0% 94.0%
January 2023 1.54% 7.5% 92.5% 11.4% 16.0% 84.0%
February 2023 0.13% 6.0% 94.0% 15.0% 19.0% 81.0%

In February the NTH consensus weight of exit traffic hit the milestone of 15%, which bumped the BSD consensus weight of exit traffic to almost 20%. These are some nice results, which could of course be improved even further to improve Tor’s network diversity, but for now (and with the ongoing attacks) the hardware we use is at its limit.

The increase in exit relay traffic sadly came at the expense of guard relay traffic. There is not much we can do about that for now, but we have ambitions to increase this in the future when the Tor project is able to mitigate the attacks more effectively.

2.4 DDoS attacks

February was another month where our infrastructure was targeted by numerous DDoS attacks in different shapes and sizes. This resulted in a significant reduction to our bandwidth contribution to the Tor network.

We experimented a lot with different kernel/software based firewalls such as PF and IPFW, but sadly the adverse performance impact of stateful firewalling is incredibly huge. In the coming months we have to look in to a different approach to thwart the adversaries’ efforts more effectively.