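In "Is “KAX17” performing de-anonymization Attacks against Tor Users?" I came across some explanations of attacks against the Tor network...
The BTCMITM20 group is the easier one to understand, and its goal is also clearer: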
primary motivation: financial profit (by replacing bitcoin addresses in tor exit traffic)
The KAX17 group looks more like it has a government agency behind it:
motivation: unknown; plausible: Sybil attack; collection of tor client and/or onion service IP addresses; deanonymization of tor users and/or onion services
You can see that it controlled quite a few hops at the same time, which gives it a good chance of linking the whole path together:
To provide a worst-case snapshot, on 2020–09–08 KAX17's overall tor network visibility would allow them to de-anonymize tor users with the following probabilities:
- first hop probability (guard) : 10.34%
- second hop probability (middle): 24.33%
- last hop probability (exit): 4.6%
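Because Tor is an anonymity network, the best defense for now is still to have more people join and run nodes, lowering the chance that any single group can collect enough data to piece things together... I'll find a chance later to write up my thoughts from running an exit node for over a year.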
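A worked calculation with the snapshot figures quoted above, added here as an example (it is not from this post or from the quoted article): it estimates how often one operator would sit at both the guard and the exit of a circuit, and how that chance falls as honest relay capacity grows. Independent hop selection, a guard that stays fixed across circuits, a constant adversary weight, and all function names are modelling assumptions.

```python
# Added example. GUARD and EXIT are the 2020-09-08 worst-case figures quoted
# above; everything else is a simplifying assumption made for illustration.
GUARD, EXIT = 0.1034, 0.046


def diluted(p, growth):
    """Adversary selection probability after honest capacity grows.

    growth = added honest weight / current total weight (1.0 = network doubles).
    Assumes the adversary's own weight stays constant.
    """
    return p / (1.0 + growth)


def end_to_end(p_guard, p_exit):
    """Chance that one circuit has adversary relays at both guard and exit.

    Assumes the two positions are selected independently. The middle hop is
    left out because it sees neither the client nor the destination.
    """
    return p_guard * p_exit


def exposure(p_guard, p_exit, circuits):
    """Chance that at least one of `circuits` circuits is seen at both ends.

    Assumes the guard is picked once and kept, while the exit is re-drawn
    independently for every circuit.
    """
    return p_guard * (1.0 - (1.0 - p_exit) ** circuits)


def report(growths=(0.0, 0.5, 1.0, 3.0), circuits=100):
    """Rows of (honest growth, single-circuit risk, risk over `circuits`)."""
    rows = []
    for g in growths:
        pg, pe = diluted(GUARD, g), diluted(EXIT, g)
        rows.append((g, end_to_end(pg, pe), exposure(pg, pe, circuits)))
    return rows


if __name__ == "__main__":
    for g, single, many in report():
        print(f"honest capacity +{g:>4.0%}: one circuit {single:.4%}, "
              f"100 circuits {many:.4%}")
```

Under these assumptions, the risk over many circuits converges on the guard share, so diluting the adversary's guard probability matters most.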