The Growing Problem of Malicious Relays on the Tor Network


The Discovery

This graph shows the Sybil’s guard capacity over time (~3y). The graph ends at the beginning of Oct 2019 (it intentionally lacks X and Y axis).

Why didn’t we detect them earlier?

Top 10 ASNs by Guard Capacity: Iomart Cloud Services on position 6. (Data Source:

Unnatural growth

Between 2017–10–01 and 2019–10–01 the advertised guard-only bandwidth increased from 130 to >250 Gbit/s. (data source
Guard probability without ContactInfo over the past 3 years (graph ends in early Oct 2019). (Data source:

Reducing Risk

So why am I writing this?



Tor, Routing Security and DNS Privacy related Topics.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store