[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Setting country code?

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Setting country code?
From: "Just A. User" <just_a_user@xxxxxxxxxxxxx>
Date: Sat, 25 Dec 2010 14:21:01 -0800
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Sat, 25 Dec 2010 17:21:07 -0500
Dkim-signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=messagingengine.com; h=message-id:from:to:mime-version:content-transfer-encoding:content-type:references:subject:in-reply-to:date; s=smtpout; bh=tQlixbnBfu8pRA6QijXnWaMCGf4=; b=IBAc4f/ubYQCtcCCNv8W9wJCOP3R86nzhLCMw5NBgM8ASjz85KPBOoWeqgwQpVK+35YpSPwCjZTtqYxfWk+DjgnsoIgRqO8IPBJP9IesTi7J290GOtuB3zU3ySq/lxaNXunibyS+kGa8ffnrp9X05KjXoQRdYeOWV6ARsVxjces=
In-reply-to: <AANLkTikrqrrkfCk07RxzeYVuCGXsBK=CW+DVf3ENOJnQ@xxxxxxxxxxxxxx>
References: <4D08BE60.4080604@xxxxxxxxxxxxxxxxxxxxxxxxx><AANLkTi=+sAPMhPaE9cfJB9Sr9x1oU3m97684G78djgDv@xxxxxxxxxxxxxx><4D08CC7C.5000808@xxxxxxxxxxxxxxxxxxxxxxxxx> <AANLkTikrqrrkfCk07RxzeYVuCGXsBK=CW+DVf3ENOJnQ@xxxxxxxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

On Wed, 15 Dec 2010 14:29 +0000, "Runa A. Sandvik"
<runa.sandvik@xxxxxxxxx> wrote:
> It is not recommended because it "can mess up your anonymity in ways
> we don't understand". By using only exit relays in, for example,
> Germany you have have less relays to choose from than if you used
> *any* exit relay in the world. This applies to Entry and Exit, as well
> as Exclude.

Just for the record, how can restricting the *entry* nodes set mess
one's anonymity up? E.g. using entry guards is recommended and
considered to be safe. Are there any plausible conjectures on how to
exploit such a restriction?

On the other hand, consider a situation when restricting entry nodes
could be of some use. Suppose an emigrant does not trust her native
country (NC) secret police (SP) and wants to connect to an NC based
web-server anonymously. She does not know which nodes are controlled by
SP (either in NC or abroad), however, every connection to any NC based
node is observable by SP. Thus, using an NC based entry to reach an NC
based server does facilitate end-to-end correlations. So it seems wise
for the emigrant to avoid using NC based entry nodes.

Of course, geoIP techniques are not very reliable and a malicious entry
could be located anywhere. However, if restricting entry nodes allows to
avoid a priori insecure circuits without any significant adverse
effects, it is worth to have EntryNodes option, isn't it?

BTW, the stable version does not support country codes in EntryNodes
(see l.2512 of src/circuitbuild.c). Are there any plans to implement
this feature?

-- 
http://www.fastmail.fm - The way an email service should be

***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/

References:
- Setting country code?
  - From: .
- Re: Setting country code?
  - From: Runa A. Sandvik
- Re: Setting country code?
  - From: .
- Re: Setting country code?
  - From: Runa A. Sandvik

Prev by Author: Re: Torbutton, CSS3 and window size
Next by Author: Re: Very low performance in CriptolabTORRelays*
Previous by thread: Re: Setting country code?
Next by thread: Visualization: Tor nodes on Google Maps and Google Earth
Index(es):
- Author
- Thread