Counting daily bridge users

Similar documents
Measuring the Tor Network Evaluation of Relays from Public Directory Data

Reducing the Circuit Window Size in Tor

Difference Between Dates Case Study 2002 M. J. Clancy and M. C. Linn

Tor Experimentation Tools

Nigerian Telecommunications Sector

Whitepaper Spain SEO Ranking Factors 2012

REPORT ON TELECOMMUNICATIONS SERVICE QUALITY WINDSTREAM FLORIDA, INC.

Predicting Messaging Response Time in a Long Distance Relationship

Divisibility Rules and Their Explanations

Effects of PROC EXPAND Data Interpolation on Time Series Modeling When the Data are Volatile or Complex

Privacy and Proxy Service Provider Accreditation. ICANN58 Working Meeting 11 March 2017

Adaptive throttling of Tor clients by entry guards

Meltwater Pulse Spotify Q3 2014

DB2 is a complex system, with a major impact upon your processing environment. There are substantial performance and instrumentation changes in

A Class of Weak Keys in the RC4 Stream Cipher Preliminary Draft

Using TLC to Check Inductive Invariance

Securing our Package Distribution System

Here are a couple of warnings to my students who may be here to get a copy of what happened on a day that you missed.

Nigerian Telecommunications (Services) Sector Report Q2 2016


Identifying and characterizing Sybils in the Tor network

Chapter 3 Analyzing Normal Quantitative Data

Cryptography and Network Security. Prof. D. Mukhopadhyay. Department of Computer Science and Engineering. Indian Institute of Technology, Kharagpur

One Fast Guard for Life (or 9 months)

Nigerian Telecommunications (Services) Sector Report Q3 2016

SCSUG Paper THE SECRET TO SAS DATES. Alison Little, MPP Texas Health and Human Services Commission

Whitepaper Italy SEO Ranking Factors 2012

Distributed Consensus Protocols

CS3: Introduction to Symbolic Programming. Lecture 8: Introduction to Higher Order Functions. Spring 2008 Nate Titterton

Principles of Algorithm Design

PrintFleet Page Counts Overview

Basic Combinatorics. Math 40210, Section 01 Fall Homework 4 Solutions

Monitor Qlik Sense sites. Qlik Sense Copyright QlikTech International AB. All rights reserved.

The main issue is that the mean and standard deviations are not accurate and should not be used in the analysis. Then what statistics should we use?

8.4 Graphs of Sine and Cosine Functions Additional Material to Assist in Graphing Trig Functions

Skewed-Associative Caches: CS752 Final Project

COMP 250 Fall recurrences 2 Oct. 13, 2017

INTERTANKO Vetting seminar 24 th October 2017

Designing Adhoc Reports

Random input testing with R

Undergraduate Admission File

9 abcd = dcba b + 90c = c + 10b b = 10c.

Root KSK Rollover Update (or, We're really doing it this time)

Whitepaper US SEO Ranking Factors 2012

SYS 6021 Linear Statistical Models

Performance Evaluation of Tor Hidden Services

SAS Scalable Performance Data Server 4.3

Experimenting with bags (tables and query answers with duplicate rows):

9 abcd = dcba b + 90c = c + 10b b = 10c.

Interim Report Technical Support for Integrated Library Systems Comparison of Open Source and Proprietary Software

Intellicus Enterprise Reporting and BI Platform

Why Jan 1, 1960? See:

November 2016 G. Oscar Anderson, Senior Research Advisor AARP Research

RFC Editor Reporting April 2013

Computer Systems C S Cynthia Lee Today s materials adapted from Kevin Webb at Swarthmore College

Organizing and Summarizing Data

Splitting a Procedure File

Conditional Formatting

NON-CALCULATOR ARITHMETIC

INFORMATION TECHNOLOGY SPREADSHEETS. Part 1

CS 3L (Clancy) Solutions and grading standards for exam 1

GLOBAL VIDEO INDEX Q3 2012

Quarterly Sales (in millions) FY 16 FY 15 FY 14 Q1 $706.8 $731.1 $678.5 Q Q Q

DATE OF BIRTH SORTING (DBSORT)

AIMMS Function Reference - Date Time Related Identifiers

Single Family Months of Inventory. Condo Months of Inventory. May calgary regional housing market statistics

This is the forth SAP MaxDB Expert Session and this session covers the topic database performance analysis.

(S)LOC Count Evolution for Selected OSS Projects. Tik Report 315

MBB Robot Crawler Data Report in 2014H1

Design and Analysis of Algorithms Prof. Madhavan Mukund Chennai Mathematical Institute. Week 02 Module 06 Lecture - 14 Merge Sort: Analysis

Chapter 1 Operations With Numbers

Chapter 3 - Displaying and Summarizing Quantitative Data

The attendee will get a deep dive into all the DDL changes needed in order to exploit DB2 V10 Temporal tables as well as the limitations.

2012 in review: Tor and the censorship arms race. / Runa A. Sandvik /

Pluggable Transports Roadmap

Graph Structure Over Time

Reverberation prediction using the Image Source Method

Our First Programs. Programs. Hello World 10/7/2013

Math 182. Assignment #4: Least Squares

Read and fill in this page now. Your instructional login (e.g., cs3-ab): Your lab section days and time: Name of the person sitting to your left:

No domain left behind

To complete the computer assignments, you ll use the EViews software installed on the lab PCs in WMC 2502 and WMC 2506.

Stat 428 Autumn 2006 Homework 2 Solutions

Running SNAP. The SNAP Team October 2012

03-186r5 SAS-1.1 Transport layer retries 13 January 2004

SCI - NIH/NCRR Site. Web Log Analysis Yearly Report Report Range: 01/01/ :00:00-12/31/ :59:59.

1.1 This information note accompanies Transport for Greater Manchester s bus route map data released at:

Math 120 Introduction to Statistics Mr. Toner s Lecture Notes 3.1 Measures of Central Tendency

LOADS, CUSTOMERS AND REVENUE

ROUNDING ERRORS LAB 1. OBJECTIVE 2. INTRODUCTION

Topology and Topological Spaces

ScaleLink Pro USER GUIDE

Anonymity Tor Overview

4-Byte AS Numbers. The view from the old BGP world. Geoff Huston October 2006 APNIC

New Products & Innovation

Grade 4 Mathematics Pacing Guide

Onion services. Philipp Winter Nov 30, 2015

Applied Algorithm Design Lecture 3

I.A.C. - Italian Activity Contest.

5.6 Rational Equations

Transcription:

Counting daily bridge users Karsten Loesing karsten@torproject.org Tor Tech Report 212-1-1 October 24, 212 Abstract As part of the Tor Metrics Project, we want to learn how many people use the Tor network on a daily basis. Counting users in an anonymity network is, obviously, a difficult task for which we cannot collect too sensitive usage data. We came up with a privacypreserving approach for estimating directly connecting user numbers by counting requests to the directory mirrors and deriving approximate user numbers from there. In this report we describe a modified approach for estimating the number of users connecting via bridges by evaluating directory requests made to bridges. We compare this new approach to our current approach that estimates bridge user numbers from total unique IP addresses seen at bridges. We think that results from the new approach are closer to reality, even though that means there are significantly fewer daily bridge users than originally expected. 1 Introduction to our new approach to count bridge users In this report we describe a new approach for estimating the number of daily users connecting to the Tor network via a bridge. This new approach uses counts of directory requests made to bridges as its main data sources. This is similar to how we estimate daily directly connecting users that connect to the Tor network via a non-bridge relay. Our current approach for estimating daily bridge users is to count unique IP addresses of connecting clients at bridges. We refer to our earlier report [1] for an overview of estimating user numbers in the Tor network. We estimate daily bridge users by first summing up directory requests per day reported by bridges (Section 2). We extrapolate these reported requests to the expected total number of directory requests in the network (Section 3). We then assume that there is an average number of 1 directory requests that every client makes per day and derive daily user numbers by dividing by that average number (Section 4). We further derive users per country by including country information of connecting IP addresses (Section 5). There are at least two ways to remove unwanted artifacts from results: we may have to ignore reports from bridges that have been running as non-bridge relays and that might still report directly connecting users (Section 6); and we may need to ignore days when there were problems with the consensus process, leading to an increase in directory requests which is likely not caused by an actual increase in users (Section 7). 1

15, 1, 5, Jul 211 Oct 211 Jan 212 Apr 212 Jul 212 Oct 212 Figure 1: Daily sums of directory requests reported by all bridges 2 Counting reported directory requests to bridges per day All relays running a recent enough Tor version contain code to collect and report statistics on processed directory requests over 24-hour periods. We refer to our previous work [3] for more details on aggregating usage statistics in Tor. Bridges were originally not supposed to report directory request statistics, because bridge users were estimated based on unique IP address counts, and we wanted to avoid collecting any more data than needed. But due to a bug, only part of directory request statistics were suppressed when running in bridge relay mode. As a result, bridges report a trimmed version of directory request statistics, which are however still enough to estimate daily users. As an example, the following directory request statistics were reported by a bridge in September 212. extra-info goinpostal 7363FF835F5D79EA1FCC2EB757B3866D4515F7 dirreq-stats-end 212-9-18 15:26:38 (864 s) dirreq-v3-resp ok=54,not-enough-sigs=,unavailable=,not-found=,not-modified=,busy= From this example we learn that this bridge successfully processed 5,4 version 3 directory requests in the 24 hours preceding September 18, 212, 15:26:38 UTC. We have no information how many of these requests happened in the 8.5 hours of September 17 or in the 15.5 hours of September 18. We assume a uniform distribution of requests over the 24-hour interval and count 1,797 requests for September 17 and 3,243 requests for September 18. We extract these data points for all bridges publishing their descriptors to the bridge authority and sum up responses per day. Figure 1 contains the number of reported requests per day. A few observations: 1. There were hardly any reported requests until September 211. The likely explanation is that, before Tor version.2.3.1-alpha, collecting and reporting directory request statistics 2

was disabled by default. This default was changed in Tor version.2.3.1-alpha which was released on May 5, 211. With more and more bridges upgrading to the.2.3 series, the number of reported directory requests increased, too. 2. The reported request numbers in September and October 211 have quite high volatility, making it difficult to use these request numbers for actual user number estimates. 3. There are at least three unusual spikes in request numbers in November 211, January 212, and April 212, which were unlikely caused by sudden increases and decreases in user numbers. 4. From November 211 on, there is a general downward trend from around 6, requests per day to just 3, in September 212. 3 Extrapolating to total directory requests in the network So far, we only know how many directory requests were processed by the bridges reporting them. We need to take into account that not all bridges report these statistics for various reasons: bridges may not be configured to report directory request statistics, which in particular applies to bridges running an earlier version than.2.3.1-alpha; bridges may run for less than 24 hours, thus not finishing a 24 hour statistics interval and discarding requests processed up to that time; bridges may have finished a 24-hour statistics interval, but went offline before publishing statistics to the bridge authority. (We analyzed in more detail what fraction of our bridges are not reporting usage statistics in [2].) As a result, we need to extrapolate reported requests to what we expect as the total number of requests in the network. A straight-forward way to extrapolate to the total number of directory requests in the network would be to make the following assumption: every bridge that does not report directory request statistics, on average, processes as many directory requests as a bridge that reports them. Under this assumption, we could count the number of running bridges per day and the number of bridges reporting directory request statistics, compute the fraction of reporting bridges, and divide reported requests by that fraction. This assumption works fine as long as the variance between request numbers processed by bridges is small, or as long as the fraction of reporting bridges is high. However, the former is not the case, because there are some hard-coded bridge addresses in bundles distributed on the Tor website, leading to these bridges processing and maybe reporting far more directory requests than others. The latter is not always the case either, in particular before September 211, as we could see in Figure 1. A better way to extrapolate to total requests in the network is to consider a second statistic published by a subset of bridges: the number of bytes written to respond to directory requests. We assume that this number is proportional to the number of processed directory requests, even though we do not assume an exact linear relation. The subset of bridges reporting byte statistics is not necessarily the same subset thas is reporting directory request statistics. By taking into account byte histories, we can better estimate how many directory requests have not been reported by bridges that at least have reported byte histories. An example for reported written directory bytes, coming from the same extra-info descriptor as the example above, is as follows: 3

H: bridges reporting write histories N: all bridges R: bridges reporting directory request statistics Figure 2: Subsets of bridges reporting write histories and directory request statistics extra-info goinpostal 7363FF835F5D79EA1FCC2EB757B3866D4515F7 dirreq-write-history 212-9-19 5:17:32 (9 s) 1337368,15398,5675114,27235328, 14555136,1524672,63341568,37339136,24343552,2249112,29155328,17792,3528,[...] From these write histories we can extract how many bytes a bridge has spent on answering directory requests on a given day. By looking at the reported directory request history values, we can learn how many bytes were written while the bridge was also collecting and later reporting directory request statistics, and we can learn how many bytes were written outside of those statistics intervals. Similarly, we can learn how many directory requests were processed at times when the bridge did not report byte histories. On a side note, as one can see from the example, byte history intervals are only 15 minutes long and thereby much shorter than directory request statistics intervals. It might be that this level of detail has privacy implications, in particular on bridges with only very few users. We probably don t need byte histories on this level of detail. We leave the analysis what level of detail is required as future work. Results could lead to increasing the history interval length on bridges to 1 hour or more. In the following, we define R as the subset of bridges reporting directory request statistics, H as the subset reporting byte histories, and N as the entire set of bridges in the network. Figure 2 illustrates these subsets and the variable names. Also, we define r() as the number of directory requests reported by a given set of bridges, h() as the number of bytes reported by the bridges in a given set, and n() as the absolute number of bridges in a set. Knowing the number of reported directory requests, r(r), we can extrapolate to the expected total number of directory requests, r(n), by multiplying with the reciprocal of the fraction of written directory requests that got reported to us, h(n) h(r) : r(n) = r(r) h(n) h(r) Estimating total written directory request bytes in the network, h(n), is easy. We assume here that the bridges that didn t report directory request bytes wrote the same number of bytes per bridge on average as reporting bridges. (1) h(n) = h(h) n(n) n(h) (2) 4

Estimating written directory request bytes by the bridges that reported directory request statistics, h(r), is somewhat harder. We first split the set into the set of bridges reporting both statistics and the set of bridges reporting only statistics and no write histories. h(r) = h(r H) + h(r \ H) (3) The first number is something we can read from the descriptors. The second number requires us to apply the same assumption from above, namely that bridges that didn t report byte histories wrote the same number of bytes, on average, as reporting bridges. (Note how this equation is very similar to equation 2.) n(r \ H) h(r \ H) = h(h) n(h) Putting everything together, we come up with a way to compute estimated directory requests in the network: h(h) n(n) r(n) = r(r) h(r H) n(h) + h(h) n(r \ H) Figure 3 shows reported directory requests, estimated fraction of directory requests that got reported by bridges, and estimated total directory requests in the network. A few observations: 1. The top-most graph is the same as in Figure 1 which we already discussed on page 2. 2. The middle graph shows an upwards trend of the fraction of bridges reporting directory request statistics. Fractions of under 25% as seen until end of October 211 make it difficult to extrapolate to the total number of requests in the network. These fractions also explain the observed volatility of reported requests until end of October 211. Beginning with November 211, fractions are at 5% or higher, exceeding 75% in most of 212. 3. The bottom-most graph is the result of dividing request numbers in the top-most graph by fractions in the middle graph. The low fractions in late August and early September 211 lead to very high estimated total requests in the network. We ll want to treat these surprisingly high numbers with care, but so far, there is no reason to believe they re totally wrong. From November 211 to September 212, the continuously decreasing reported request numbers combined with the increasing fraction of reported requests lead to a continuous decrease in estimated directory requests in the network. From this graph it seems that bridge usage has steadily decreased in the past 11 months. (4) (5) 4 Dividing by 1 for estimating number of users With the estimated number of daily directory requests in the network we can now estimate the number of daily users. We make the assumption that there is an average number of directory requests per day that every client makes to keep their network information up-to-date. As of writing this report, network status consensuses are fresh for three hours, requiring clients to download a new document every 2 to 3 hours. Hence, a client that is online all day would 5

15, 1, 5, 1..8.6.4.2. 1. Reported directory requests 2. Estimated fraction of bridges reporting directory requests 1,, 8, 6, 4, 2, Jul 211 Oct 211 Jan 212 Apr 212 Jul 212 Oct 212 3. Estimated directory requests in the network Figure 3: Reported directory requests, estimated fraction of bridges reporting directory requests, and estimated directory requests in the network make 8 to 12 directory requests on that day. Not all clients are online all day, thus reducing the average number of directory requests made by clients. We, somewhat arbitrarily, chose 1 as the number of directory requests that the average client makes every day. 1 is also the number that we use in directly connecting user statistics, so that both estimates for non-censored and censored users will be easy to compare. We could evaluate whether 1 is a good number by asking volunteers to have their Tor clients record directory request numbers made on a given day, and use these actual numbers to come up with a better number. But given that we apply the same number of requests per client to all days, the actual value does not influence development over time, allowing us to observe trends over time and still have a rough idea of absolute numbers. Now we can derive user numbers from total directory requests in the network. Figures 4 and 5 show the total number of users connecting via bridges over time, for the entire period for which we have data and for the third quarter of 212. These graphs contain the same data as 6

1, 8, 6, 4, 2, Jul 211 Oct 211 Jan 212 Apr 212 Jul 212 Oct 212 Figure 4: Estimated daily bridge users from all countries from July 211 to September 212 the bottom-most graph in Figure 3, but divided by 1. The most surprising result is that there are only 3,5 daily bridge users these days. 5 Breaking down to user numbers by country So far, we only have an estimate of daily bridge users in the network, but no user numbers per country. In contrast to directory request statistics reported by relays, bridges do not report request numbers by country code. But we still have statistics on originating countries in the unique IP address statistics reported by bridges. These are the statistics we have been using for estimating daily bridge users so far. We assume that the country distribution of connecting bridge clients is similar to bridge clients downloading directory requests. As an example, these are the statistics on connecting clients reported by the same bridge from earlier examples: extra-info goinpostal 7363FF835F5D79EA1FCC2EB757B3866D4515F7 bridge-stats-end 212-9-18 15:27: (864 s) bridge-ips ir=32,??=16,at=8,eg=8,jp=8,lv=8,pk=8,us=8 We sum up unique IP addresses and calculate a fraction of IP addresses for every country and day. (We could also have weighted country information of reporting bridges with the bridge s fraction of written directory request bytes, but this seemed like overkill for this analysis, so we left it for future work.) We multiply the estimated number of total users in the network with the fraction of unique IP addresses coming from a country and come up with the estimated number of users in that country. Figure 6 shows the result for estimated daily bridge users coming from Syria. We chose Syria for this example, because that s one of the countries with most bridge users these days. The approach would work for all other countries, too. 7

6, 5,5 5, 4,5 4, 3,5 3, Jul 212 Aug 212 Sep 212 Oct 212 Figure 5: Estimated daily bridge users from all countries in the third quarter of 212 2, 1,5 1, 5 Jul 211 Oct 211 Jan 212 Apr 212 Jul 212 Oct 212 Figure 6: Estimated daily bridge users from Syria 8

Figure 7: Reported directory requests by bridges that have or have not been seen as non-bridge relays 6 Ignoring bridges that were running as non-bridge relays One aspect that we have been ignoring so far is that there are bridges that were running as non-bridge relays before. It is likely that these bridges report directory requests coming from directly connecting clients of which there are far more than bridge clients. Figure 7 shows reported directory requests of bridges that have or have not been seen as non-bridge relays. The focus here is on data points which are seemingly outliers. Two noteworthy examples are the 3,+ requests in April 212 and the 25,+ requests in September 212. In our current approach to count daily bridge users, we ignore any such bridge, because they could skew results. We d like to exclude data points coming from bridges that report unrealistic statistics. However, it seems that ignoring all bridges that have been seen as non-bridge relays would mean removing too many data points. More research is needed to define criteria when a data point probably contains directory requests by non-bridge clients and should be ignored. 7 Ignoring days with too few network status consensuses A closer look at spikes in total estimated directory requests and at archives of network status consensuses reveals an interesting correlation: in 4 out of 5 cases when less than 2 consensuses were published on a given day, the number of directory requests went up a lot. Figure 8 shows the number of published consensuses per day. 9

2 15 1 Jul 211 Oct 211 Jan 212 Apr 212 Jul 212 Oct 212 Figure 8: Published consensuses per day By default, the directory authorities publish a new consensus every hour. Missing consensuses indicate a problem with the consensus process, meaning that the available consensuses become outdated and that clients send out more requests to get a recent enough consensus, thus raising the number of directory requests in the network. We could decline providing bridge usage statistics for days when the archives had less than 2 consensuses. This would fix the spike in late November 211 and especially the huge one in early January 212. However, we decided not to remove these days yet and left it as future work to analyze how we can detect problems with the consensus process leading to higher directory request numbers. 8 Comparing old and new approaches to count bridge users We briefly compare results from our new approach based on directory requests to results from our existing approach based on unique IP addresses. Figures 9 and 1 show the estimates of daily bridge users in the new and in the old approach, for the entire observed period and for the third quarter of 212. The general trend is about the same, though the new approach only outputs about one tenth as many daily bridge users as the old approach did. We think that results from the new approach are closer to reality, because the reasoning behind it is much more plausible than the design of the old approach. We refer to our earlier report [1] for details of the old approach to count daily bridge users including a discussion of its weaknesses. 9 Suggesting next steps We identified a few starting points for further improving the described approach in this report: 1

1, 8, 6, 4, 2, 1,, 8, 6, 4, 2, Jul 211 Oct 211 Jan 212 Apr 212 Jul 212 Oct 212 new approach based on directory requests old approach based on unique IP addresses Figure 9: Estimated daily bridge users in the new and in the old approach from July 211 to September 212 We should re-run the analysis under the assumption that bridges use a larger time period for byte histories than 15 minutes. There are potential privacy problems with seldomly used bridges reporting usage statistics on such a high detail level. The described approach to estimate daily users should work as well with byte histories on a detail of a few hours. Once we know what detail is required, we should change the default in the Tor sources, and we could update the bridge descriptor sanitizing code to increase the byte history interval in sanitized bridge descriptors. We should evaluate whether 1 is a reasonable average number of directory requests made by a client per day. One way to do this evaluation is to ask volunteers to have their Tor clients record directory request numbers made on a given day. We should look closer at weighting country information reported by bridges. Maybe we ll have to weight unique IP address fractions by country with the reporting bridge s written directory request byte fraction to get more accurate user numbers by country. We should further investigate how bridges that have been seen as non-bridge relays affect the results. If we need to ignore reported statistics by these bridges, we ll want to make sure to only exclude as few reports as necessary. 11

6, 5,5 5, 4,5 4, 3,5 3, new approach based on directory requests 55, 5, 45, 4, 35, 3, old approach based on unique IP addresses Jul 212 Aug 212 Sep 212 Oct 212 Figure 1: Estimated daily bridge users in the new and in the old approach in the third quarter of 212 We should further analyze problems with the consensus process and how they affect directory request numbers. Both statistics of daily directly connecting and of daily bridge users could benefit from new insights here. Acknowledgements Thanks to George Kadianakis for his valuable input on a draft of this report, especially by reviewing the math part of extrapolating reported requests to total requests in the network, and for pointing out the potential privacy problem of too short byte history intervals. References [1] Sebastian Hahn and Karsten Loesing. Privacy-preserving ways to estimate the number of Tor users. Technical Report 21-11-1, The Tor Project, November 21. https: //research.torproject.org/techreports/countingusers-21-11-3.pdf. 12

[2] Karsten Loesing. What fraction of our bridges are not reporting usage statistics? Technical Report 212-4-1, The Tor Project, April 212. https://research.torproject.org/ techreports/bridge-report-usage-stats-212-4-3.pdf. [3] Karsten Loesing, Steven J. Murdoch, and Roger Dingledine. A case study on measuring statistical data in the Tor anonymity network. In Proc. Workshop on Ethics in Computer Security Research, Tenerife, Canary Islands, Spain, January 21. https://metrics. torproject.org/papers/wecsr1.pdf. 13

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback