April was pretty unremarkable. There weren’t many attacks and the situation is still fairly manageable. As mentioned in March, due to the decrease in attacks our servers have a lot of headroom available. For a unknown reason, Tor isn’t making use of the available resources and total contribution to the network is pretty much stagnated. In June we will look more closely in to what bottleneck can be responsible for this.
The metrics used in this report are rounded extrapolated snapshots of the final day of the month, to not give away too much specific information.
We received 0 official LEA requests this month.
Our exit probability share decreased a bit, mostly because of the aforementioned performance issues with Tor. Increasing our contribution to the Tor network should be easy with the hardware we use, but sadly that’s not the case.
|Period||# Guard||# Exit||Bandwidth||Daily traffic||Monthly traffic|
|November 2022||18||0||5.6 Gb/s||60 TB||1.800 TB|
|December 2022||34||18||12.8 Gb/s||138 TB||4.150 TB|
|January 2023||68||18||18.5 Gb/s||200 TB||6.000 TB|
|February 2023||3||124||22.5 Gb/s||240 TB||7.200 TB|
|March 2023||6||172||27.0 Gb/s||290 TB||8.700 TB|
|April 2023||6||172||26.0 Gb/s||281 TB||8.400 TB|
Note that for these statistics both incoming and outgoing traffic are combined (just like Tor network’s metrics).
2.300 per second
DNS requests on the Tor network are resolved by the Tor exit relays. This means that high capacity Tor exit relays can generate a lot of DNS queries. These queries are being resolved by multiple high capacity DNS resolvers.
In April the amount of queries-per-second decreased even more, despite the total Tor traffic staying the same. Our best guess is that one or more of the attacks also generated DNS queries because when the attacks stopped the amount of DNS queries also decreased considerably.
|Period||Query rate||Daily queries||Monthly queries|
Do note that we don’t log the contents of DNS queries.
One of our major goals is to break the GNU/Linux monoculture currently present on the Tor network. Monocultures in nature are dangerous, as vulnerabilities are held in common across a broad spectrum. In a globally used anonymity network, monocultures can be disastrous.
We make the Tor network stronger and more resilient by running all our relays on FreeBSD. Here we report on our ongoing effort to increase operating system diversity on the Tor network.
|Period||NTH Guard||BSD Guard||GNU Guard||NTH Exit||BSD Exit||GNU Exit|
The overall BSD exit share decreased again, probably due to the decrease in total amount of other (excluding our relays) BSD relays on the network. This is somewhat worrisome because despite Nothing to hide only runs 178 out of 452 (39%) BSD relays, we’re contributing ~97% of BSD exit relay bandwidth. Linux increased its exit share to 87% and this shows how big the monoculture problem for exit relays really is.
If any Tor operator reading this is interested in running Tor relays on BSD, please contact us and we will gladly help out.
As mentioned April was a great month because there were less attacks while the attacks that remained were less severe as well.