Re: [tor-dev] Entry/Exit node selection

Subject: Re: [tor-dev] Entry/Exit node selection

From: "Evan d'Entremont" <evan@xxxxxxxxxxxxxxxxxx>

Date: Fri, 22 Jan 2016 02:36:15 +0000

Delivery-date: Thu, 21 Jan 2016 21:36:39 -0500

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=evandentremont-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :content-type; bh=LmLRFt4/jyBWYrq2Libo0L17r8C6YFO5nYPzugvmsqw=; b=U5MvA06lHZe0XpbHliu9yls7kmk3hMEqzGw3VWMypTctIHUg9597UVClUzqvWzdZPV qMSuA3sEzdXWYKmUdiuqUUmXTQ/MJzk2kw8NGyhRBGOPMvQEqbuwJpq3vOSbFpuGi8ab jPD3+2fk6/2gTY57HuTTRhoOUQtePbHvStOTAHA/libKsNwl9vyYwBfqw2Ww7k4DA+1c R9zSb2sFtjdZIhcs75oOEB32Kzd5+0Lk4SlRhJPebwMzYWHawQBGb22Hfw3B4jlBORLo Gnz5uTfHb4pstfYdEXmP5fIO0zFw5q1KU21fQ26sVj3HapJS6oGdKYrqhRLBwTdp9ZHJ XSqQ==

In-reply-to: <2E27CAE1-8A0F-44FF-B088-AD4CC561A8E5@xxxxxxxxx>

List-archive: <http://lists.torproject.org/pipermail/tor-dev/>

List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>

List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>

List-post: <mailto:tor-dev@lists.torproject.org>

List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>

List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>

References: <CAKBzSo6n6JdGGVhP8jWh1hZm7obrJeO2a==WvgTo0fcPDgXvCg@xxxxxxxxxxxxxx> <2E27CAE1-8A0F-44FF-B088-AD4CC561A8E5@xxxxxxxxx>

Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx

Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>

Either way, aren't they already logging tbat you'rw using tor?

On Mon, Jan 18, 2016, 6:24 PMÂTim Wilson-Brown - teor <teor2345@xxxxxxxxx> wrote:

On 19 Jan 2016, at 04:53, Evan d'Entremont <evan@xxxxxxxxxxxxxxxxxx> wrote:

What threat is Tor trying to defeat? Region locking or nation states? If the former, then great, select an exit country, or just use a VPN. If the latter, perhaps that actual threat profile should be taken into account.Â

Is there any reason whyÂTorÂdoesn't select exit nodes which are as close as possible to theÂintended host?Â

If I connect toÂTorÂand request a resource from a server on ISP A, would in not make sense toÂenforce an exit node also on ISP A, or if not, as close as possible?

As well, entry guards should be as close as possible to the user, limiting the ability of others to log the connection.

In short, it's safer that only my ISP see a connection rather than my ISP, a backbone provider, the entry guard's ISP, etc.ÂSystems like XKeyscore wouldn't even see the traffic in this case. It seems that selecting an exit country may actually be detrimental to anonymity by forcing traffic over the (monitored) internet backbone.

It depends on your threat model.

My country requires ISPs to retain connection information, so choosing a nearby entry to me, and a nearby exit to a website in this country, would be very detrimental to my anonymity.

Tim

Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP 968F094B

teor at blah dot im
OTRÂCAD08081 9755866DÂ89E2A06FÂE3558B7F B5A9D14F

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

_______________________________________________ tor-dev mailing list tor-dev@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev