Most active commenters
  • flipped(4)
  • (3)

←back to thread

The Tor Project is switching to Rust

(itsfoss.com)
348 points giuliomagnifico | 26 comments | 12 Dec 25 12:35 UTC | HN request time: 1.142s | source | bottom
Show context
shevy-java ◴[12 Dec 25 13:02 UTC] No.46243731[source]
Hmmmm.

My biggest gripe with the Tor project is that it is so slow.

I don't think merely moving to Rust makes Tor faster either. And I am also not entirely convinced that Rust is really better than C.

replies(10): >>46243753 #>>46243757 #>>46243847 #>>46244186 #>>46244200 #>>46244358 #>>46244381 #>>46244536 #>>46244541 #>>46245224 #
1. rpigab ◴[12 Dec 25 13:17 UTC] No.46243847[source]
I had that problem too, very slow on network requests, just change the setting "num_relays_proxied" from 3 to 1 to make it blazingly fast.
replies(8): >>46243865 #>>46243866 #>>46243879 #>>46244073 #>>46244361 #>>46244594 #>>46244675 #>>46246156 #
2. kaoD ◴[12 Dec 25 13:21 UTC] No.46243865[source]
If this is sarcastic you should probably add /s or someone might actually follow your "advice".
replies(3): >>46244072 #>>46244760 #>>46245336 #
3. deafpolygon ◴[12 Dec 25 13:21 UTC] No.46243866[source]
You should preface this with some important information about what that does.

There are some trade-offs!

Changing that setting to 1 gives you weaker anonymity guarantees. Using multiple guards spreads your traffic across different IP addresses, making it harder for an adversary who controls a subset of the network to correlate your activity.

Reducing to a single guard concentrates all traffic through one point, increasing the chance that a hostile relay could observe a larger fraction of your streams...

replies(1): >>46245431 #
4. willvarfar ◴[12 Dec 25 13:23 UTC] No.46243879[source]
Then the single relay knows both who you are (your IP) and where you are going. This offers no anonymity against the relay itself.

3 relays is the goldilocks number for speed vs privacy. Using less is not a tradeoff the usual user of Tor should make.

replies(1): >>46243909 #
5. 1313ed01 ◴[12 Dec 25 13:25 UTC] No.46243909[source]
How is 3 so much better than 2, but 4 not so much better than 3?
replies(4): >>46243987 #>>46244033 #>>46244218 #>>46244260 #
6. willvarfar ◴[12 Dec 25 13:36 UTC] No.46243987{3}[source]
1 = no privacy from relay

2 = risk of collusion between relays

3 = goldilocks default

4 = ... actually, you have more attack surface and you are more susceptible to fingerprinting because everybody else is using 3, so you're timings etc help identify you

So the default is 3 and nobody ought change it! Use 3 like everybody else.

The exception is .onion sites. TOR actually deliberately defaults to 6 hops when accessing .oninon sites - 3 to protect you and 3 to project the site.

replies(3): >>46244041 #>>46244145 #>>46244806 #
7. nostrademons ◴[12 Dec 25 13:41 UTC] No.46244033{3}[source]
Knowing not so much about Tor but some about math: the number of nodes you need to compromise in order to de-anonymize a Tor user is exponential in the number of hops. Google says there are roughly 7000 Tor nodes, including 2000 guards (entry) and 1000 exit nodes. If you have a single hop, there's roughly a 1/1000 chance that you will connect to a single malicious node that can de-anonymize you, going up linearly with the number of nodes an attacker controls. If you have 3 hops, you have a 1 in 1000 * 7000 * 2000 = roughly 14 billion chance. 2 hops would give you 1 in 2 million, 4 hops would give you 1 in 1000 * 7000 * 7000 * 2000 = 98 trillion. In practical terms 1:14B is about the same as 1:98T (i.e. both are effectively zero), but 1:2M is a lot higher.
replies(1): >>46244118 #
8. Surac ◴[12 Dec 25 13:41 UTC] No.46244041{4}[source]
That reminds me of the holy Handgranate of the Monty pythons
9. ◴[12 Dec 25 13:45 UTC] No.46244072[source]
10. flipped ◴[12 Dec 25 13:45 UTC] No.46244073[source]
What's the point of having one relay? You're better off using a reputable VPN like mullvad or ivpn. Tor is the best you're gonna get for low latency anonymous overlay network. It's been studied and refined over the years.
replies(2): >>46244417 #>>46244823 #
11. flipped ◴[12 Dec 25 13:50 UTC] No.46244118{4}[source]
There are currently ~9000 relays if you look at https://metrics.torproject.org/networksize.html. The current problem is the fact that majority of relays are in Germany and if you rotate your circuits enough, you'll also notice the same path. German govt has been very hostile towards Tor for a long time, they were also behind KAX17. We need more relays obviously but also in different regions.
12. flipped ◴[12 Dec 25 13:53 UTC] No.46244145{4}[source]
There's no exit nodes for onions because there's nothing to exit to. Nothing beats anonymity of onions and it's design is well created.
13. throawayonthe ◴[12 Dec 25 14:01 UTC] No.46244218{3}[source]
because then there is at least one node that knows neither the source nor the destination of a request
14. sph ◴[12 Dec 25 14:06 UTC] No.46244260{3}[source]
The law of diminishing returns
15. ◴[12 Dec 25 14:18 UTC] No.46244361[source]
16. raxxorraxor ◴[12 Dec 25 14:26 UTC] No.46244417[source]
It would shifts part of the data route info from your provider toward that particular relay.

But I wouldn't recommend it of course.

replies(1): >>46244593 #
17. flipped ◴[12 Dec 25 14:42 UTC] No.46244593{3}[source]
Of course it would hence you should stick with mullvad, a reputable VPN. Tor is not made for single relay paths, you're just wasting it's potential.
18. ◴[12 Dec 25 14:42 UTC] No.46244594[source]
19. Aurornis ◴[12 Dec 25 14:50 UTC] No.46244675[source]
This is a joke, for those who didn’t notice.

Tor is slow because traffic is routed through multiple layers. The design priority is anonymity, not speed.

20. fragmede ◴[12 Dec 25 15:02 UTC] No.46244760[source]
Or people should not be idiots and think for themselves just a smidge, and not use /s.
21. mapt ◴[12 Dec 25 15:07 UTC] No.46244806{4}[source]
The right number for you to use is the default. But the right default is not necessarily 3.
22. mapt ◴[12 Dec 25 15:09 UTC] No.46244823[source]
It's very difficult for me to contemplate how anybody could run a VPN, however reputable, that isn't compromised by one intelligence agency at least. Their incentive structures and their costs to participate in this space just make it a no-brainer.

If you're starting a brand new VPN company with ironclad ideals about privacy - are you going to be able to compete with state-run enterprises that can subsidize their own competing "businesses", on top of whatever coercive authority they possess to intervene in local small businesses?

23. rpigab ◴[12 Dec 25 15:58 UTC] No.46245336[source]
They should be fine since I made up the setting name, and even though I am not familiar with Tor client's configuration, I don't believe this is possible without altering its source code.

Also, using this kind of software without understanding how its works even just a little doesn't protect much of your privacy.

replies(1): >>46245424 #
24. adastra22 ◴[12 Dec 25 16:06 UTC] No.46245424{3}[source]
Yeah I was confused! Pretty sure this is not configurable.
25. adastra22 ◴[12 Dec 25 16:06 UTC] No.46245431[source]
The setting doesn’t exist.
26. paulddraper ◴[12 Dec 25 17:14 UTC] No.46246156[source]
Your config improvement made it into Google AI https://i.imgur.com/v5DsXy9.png