Compared to the scale of the budget of small research projects run by national intelligence agency sized organizations, you wouldn't have to be very well funded to run a sizeable proportion of all Tor exit nodes with some degree of plausible deniability...

500 credit cards
500 unique billing names/addresses and sets of contact info
spread 500 1U servers around the world in as many geographically unique locations as you can find, with every dedicated hosting/colo company...

average of $150/mo x 500 = $75,000

On Wed, May 11, 2016 at 5:08 PM, <Valdis.Kletnieks@vt.edu> wrote:
On Wed, 11 May 2016 21:07:21 +0200, Florian Weimer said:
* Chris Adams:
First, out of the box, if you use the public pool servers (default config), you'll typically get 4 random (more or less) servers from the pool. There are a bunch, so Joe Random Hacker isn't going to have a high chance of guessing the servers your system is using.
A determined attacker will just run servers in the official pool.
Such attacks have allegedly been attempted against Tor by certain very well funded adversaries.
Thus my statement that if you're seeing that scale attack on your time sources, the fact that your time source is being attacked is the *least* of your problems...