N0TH1NG T0 H1D3

Transparency Report April 2023

April was pretty unremarkable. There weren’t many attacks and the situation is still fairly manageable. As mentioned in March, due to the decrease in attacks our servers have a lot of headroom available. For a unknown reason, Tor isn’t making use of the available resources and total contribution to the network is pretty much stagnated. In June we will look more closely in to what bottleneck can be responsible for this.

The metrics used in this report are rounded extrapolated snapshots of the final day of the month, to not give away too much specific information.

1 Requests & orders

We received 0 official LEA requests this month.

1.1 Law enforcement agencies (LEA)

LEA Requests Orders
n/a 0 0
Legal entity Requests
n/a 0

1.3 Natural persons

Natural person Requests
John Doe 0

2 Service report

2.1 Tor relays

Tor relays

178

Bandwidth

26 Gb/s

Monthly traffic

8.400 TB

Our exit probability share decreased a bit, mostly because of the aforementioned performance issues with Tor. Increasing our contribution to the Tor network should be easy with the hardware we use, but sadly that’s not the case.

Period # Guard # Exit Bandwidth Daily traffic Monthly traffic
November 2022 18 0 5.6 Gb/s 60 TB 1.800 TB
December 2022 34 18 12.8 Gb/s 138 TB 4.150 TB
January 2023 68 18 18.5 Gb/s 200 TB 6.000 TB
February 2023 3 124 22.5 Gb/s 240 TB 7.200 TB
March 2023 6 172 27.0 Gb/s 290 TB 8.700 TB
April 2023 6 172 26.0 Gb/s 281 TB 8.400 TB

Note that for these statistics both incoming and outgoing traffic are combined (just like Tor network’s metrics).

2.2 Tor DNS requests

Query response

2.300 per second

Daily queries

199 million

Monthly queries

6.0 billion

DNS requests on the Tor network are resolved by the Tor exit relays. This means that high capacity Tor exit relays can generate a lot of DNS queries. These queries are being resolved by multiple high capacity DNS resolvers.

In April the amount of queries-per-second decreased even more, despite the total Tor traffic staying the same. Our best guess is that one or more of the attacks also generated DNS queries because when the attacks stopped the amount of DNS queries also decreased considerably.

Period Query rate Daily queries Monthly queries
November 2022 0 0 0
December 2022 870 75.000.000 2.300.000.000
January 2023 2.100 181.000.000 5.400.000.000
February 2023 3.150 272.000.000 8.200.000.000
March 2023 2.900 251.000.000 7.500.000.000
April 2023 2.300 199.000.000 6.000.000.000

Do note that we don’t log the contents of DNS queries.

2.3 Tor diversity

One of our major goals is to break the GNU/Linux monoculture currently present on the Tor network. Monocultures in nature are dangerous, as vulnerabilities are held in common across a broad spectrum. In a globally used anonymity network, monocultures can be disastrous.

We make the Tor network stronger and more resilient by running all our relays on FreeBSD. Here we report on our ongoing effort to increase operating system diversity on the Tor network.

Period NTH Guard BSD Guard GNU Guard NTH Exit BSD Exit GNU Exit
November 2022 0.11% 6.1% 93.9% 0.0% 0.9% 99.1%
December 2022 0.12% 6.2% 93.8% 4.46% 6.0% 94.0%
January 2023 1.54% 7.5% 92.5% 11.4% 16.0% 84.0%
February 2023 0.13% 6.0% 94.0% 15.0% 19.0% 81.0%
March 2023 0.14% 4.9% 94.7% 15.5% 16.0% 84.0%
April 2023 0.12% 4.4% 95.6% 12.0% 13.0% 87.0%

The overall BSD exit share decreased again, probably due to the decrease in total amount of other (excluding our relays) BSD relays on the network. This is somewhat worrisome because despite Nothing to hide only runs 178 out of 452 (39%) BSD relays, we’re contributing ~97% of BSD exit relay bandwidth. Linux increased its exit share to 87% and this shows how big the monoculture problem for exit relays really is.

If any Tor operator reading this is interested in running Tor relays on BSD, please contact us and we will gladly help out.

2.4 DDoS attacks

As mentioned April was a great month because there were less attacks while the attacks that remained were less severe as well.