How Tor handles nodes designed to burn it

Question

How does tor handles nodes designed just to screw it.

The way i understand it entry node connects to node 2. which connects to node 3.(exit nodes) now all the traffic is encrypted and encryption i understand. But what if node is designed to attack tor network and make it unreliable and just pass on the wrong traffic. For example if node was supposed to pass encrypted string 'aaaa' instead it passes 'bbbb' just to screw up tor in general and a random tor user. Would tor network be able to isolate the node that is messing up the network, if so how?

How does tor handle it and are there any mechanisms to prevent that? I rly don't understand what guarantees entry node that it will get data it requested (data integrity) ?

Answer 1

You probably want to have a look at the Report Bad Relays wiki entry. As you can see in the wiki entry you can report bad relays and there are also automated tools to detect tempering (bottom of the wiki entry.)

The great thing about an anonymity network is that relays can't distinguish between the different users including scanners that test for tempering. Of course if HTTPS is used you might never know if anyone tempered with your traffic just like in the regular Internet.

Answer 2

It's clear that you don't understand encryption, despite your claim.

"if node was supposed to pass encrypted string 'aaaa' instead it passes 'bbbb'"

No node knows what encrypted strings it is passing. It can only read those encrypted to itself, not those encrypted to other relays and since it is encrypted it could not reliably change "aaaa" to "bbbb". It could change some plaintext it doesn't know to some random value that it couldn't predict but the change would be detectable and make the cell it was passing invalid. This would result in the client or relay dropping the cell as invalid.

This would result in an error, a user investigating this error may discover that a relay was misbehaving and report it to bad-relays, who would try to see if the relay was being malicious, if it was it would be removed from the consensus and users would no longer user it.