What Happens if Tor Directory Authorities are Seized?


The Tor Project has announced that they have received threats about possible upcoming attempts to disable the Tor network through the seizure of Directory Authority (DA) servers. While we don’t know the legitimacy behind these threats, it’s worth looking at the role DA’s play in the Tor network, showing what effects their seizure could have on the Tor network.*

What are Directory Authorities?

Simply put, think of the DA servers as the trusted providers of a phonebook. This phonebook - called the consensus - contains the complete information about each known Tor relay, and is updated every hour. When it’s time to update the list, a majority of the directory authorities must agree on the accuracy of the new list by cryptographically signing the proposed consensus. Once this process is complete, clients are able to download the updated list of relays.

There are currently 10 DA’s whose information is hardcoded into Tor clients - one of which (Tonga) is used for bridge access. This means that, to keep the network updated and stable, 5 DA’s must still be operational. If a seizure attempt is able to take down 5 or more DA’s, the network will enter an unstable state, and the integrity of any updates to the consensus cannot be guaranteed.

Where are the DA’s Located?

The seizure of 5 or more DA’s would be a large feat, but it is absolutely possible. As one commenter on HN mentioned, it would only take a joint effort by the US and Germany to take down 5 DA servers. Another comment provides the geolocation and organization of each DA.

The Aftermath

An attack seizing the DA servers would severely cripple the Tor network. The Tor Project would not only need to replace the DA servers, but would then need to introduce a client update with the new DA information. During this time, the integrity of the consensus could not be trusted, and it would be increasingly difficult for new clients to be introduced into the Tor network.

This Doesn’t Solve the Problem

It’s important to note that severing the Tor network doesn’t solve any problem. Tor provides an invaluable escape from censorship, and the means to having privacy from otherwise prying eyes. I’m confident that the Tor Project will be resilient in recovering from any attempted takedown attempts.

More Information

Further information and detailed status (obtained from the updated consensus) about each of the Tor Directory Authorities can be found at the following links:

Information regarding any updates to this situation can be found on the Tor Project blog.

As always, let me know if you have any questions or comments below!

-Jordan (@jw_sec)

*It is worth noting that I am by no means a Tor expert, and am relying on knowledge gained from previous research into the Tor network structure.

Jordan Wright

Security Researcher, Programmer, Time's 2006 Person of the Year

San Antonio, Texas