[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] ExcludeExitNodes and ExcludeNodes but no "ExcludeEntryNodes"?



> On 5 Jan 2017, at 09:34, nusenu <nusenu@xxxxxxxxxxxxxxx> wrote:
> 
> Hi,
> 
> is there a possibility to blacklist guard relays (only in that position)
> from a client perspective?
> I didn't find one in the torrc man page.

No, there is no option to exclude Guards.
Only EntryNodes, which is a list of Guards to use.

> It is generally a bad idea to create custom tor client footprints by
> excluding relays but maybe it is less bad to exclude a certain relay
> just in the guard position than to exclude it completely via
> ExcludeNodes + StrictNodes since guards are used for a longer timeperiod.

Guards (and Directory Guards) are the only nodes identifiable from
unencrypted traffic (IP headers), so they can be used to fingerprint
a client more readily than nodes in other positions.

But the fingerprinting risk also depends on how many guards you
exclude.

(In 0.2.8 and later, all client directory fetches are encrypted.
In 0.2.7 and earlier, most client directory fetches are encrypted.)

T

--
Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org
------------------------------------------------------------------------



Attachment: signature.asc
Description: Message signed with OpenPGP

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev