GitLab

Damian wrote a consensus tracker script that parses network status consensuses and compares them to a local database to identify possible Sybil attacks on the Tor network. Whenever it suspects an attack, it sends out an email for a human to check.

AFAIK, this script uses a simple approach of counting new relays and deciding whether this number exceeds a given threshold. This is a good start, but maybe we can do better.

We should sit down and analyze how we can detect Sybil attacks. We should also analyze past network statuses to see how many false positives we'd have and whether there might have been Sybil attacks in the past. Obviously, we won't detect all such attacks, in particular when making the detection code public and allowing smart attackers to adapt. But we can make sure that the dumbest attacks don't go unnoticed.

This is an Analysis ticket until we have finished the analysis of network statuses and come up with a design we can implement. Then it should become a Metrics Website ticket, because metrics-web is probably the most useful place to implement this. An alternative would be to write a standalone tool and put it in metrics-utils, but that would mean duplicating code that's already present in metrics-web.