-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hello.
Tor at 1AEO wrote: > These emails suggest Hetzner monitors flow-level data (e.g., NetFlow), > which raises concerns about potential exposure of Tor traffic > characteristics. Every major service provider will do that. I would be surprised if there exists any AS in the world that Tor traffic goes through that does not. What matters is whether or not this traffic flow data is insecurely transmitted over the network or sold, and whether it is triggered on an event (such as an abnormal pps/bps ratio) or if it is unconditionally enabled for all flows (which would be highly problematic for privacy). While I definitely worry that such flow records are being sold/exported to the likes of Team Cymru and other "threat analysis" services, the mere fact that Hetzner has insight into their traffic using flow-level monitoring is not something that concerns me in the slightest. Regards, forest -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEvLrj6cuOL+I/KdxYBh18rEKN1gsFAmlSPI0ACgkQBh18rEKN 1gvMdhAAh2VOOp+PD0RHq6/+HVGnpXX+vWZbzuyLyK30rXdQmGiRLDGV7CfJ6fn2 vWmTSCT7VJtCxSCpi6M6aO7LDu6bE+JUXrAtUoOyWbweks9S9N2Zaos0YHjiM1lY 2cfdVFVPu1UJkTVbjI+uuuLC49FdGE9I3NpB6ZGuCuw52A1uvfNSs867+2Cu34tE 7rm1Vl9t+DlN1pwDnfWWswdmx5WnHQ0lfBpQsp511um6LZGIi5yVi4KtNj5FXJsb HdwFFbnAHdoHzYTM0D4J2KEDKvoM0c8eYURJ7TLdUgU6WDZgvn7IVBRxMIZVe1iZ o26c9tZW2GGM+UK4P/V0iKSUauKR/7oZC4J+HfqyyXMEpxhrqRDo40FL7Ljm43wF ZT9mMBjuLcM0zkaNEqzTi0ldR5EAZrOSt5Plar1BRQHxUSGV5hoblSnwkacppTDa NKLcacIvQlFiib3X5vmMuJflrPQr7EWSnE235uW8WtbAEJXCLNJLCP6I4nvoCXzT xiEPBzx+qcoAhX5gQ5oTe0d8t5z5tHi22oKzMaW152B4I+p3aVkf6PxGtd4E2y2W wxxc2LuWaZWOgVyAuE/KH1tyqBnbA/Jz808VWl1eXB71F+0XSkngLRW3IDUoTcwx q8zD28puXMBtjGwObVw3X183g1pbvXlszabkTDa4d+u5s3iI8Rk= =uVHV -----END PGP SIGNATURE----- _______________________________________________ tor-relays mailing list -- [email protected] To unsubscribe send an email to [email protected]
