[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] Network diversity [was: Should I warn against Tor?]
On Sa, Jul 20 2013, Jens Lechtenboerger wrote:
On Fr, Jul 19 2013, Gregory Maxwell wrote:
On Fri, Jul 19, 2013 at 10:03 AM, Jens Lechtenboerger
but going much further than that may well decrease your
How, actually? Iâm aware that what Iâm doing is a departure
from network diversity to obtain anonymity. Iâm excluding
what I consider unsafe based on my current understanding. It
might be that in the end Iâll be unable to find anything that
does not look unsafe to me. I donât know what then.
Because you're lowering the entropy of the nodes you are
selecting maybe all the hosts themselves are simply NSA
operated, or if not now, they be a smaller target to
I donât buy the entropy argument. If the NSA compromises Tor
nodes, wouldnât they target as many nodes as possible,
regardless of guard selection strategies?
Note that Iâm avoiding guards that they can monitor without
having compromised them.
Let me expand upon that one. Actually, Iâd like to consider two
aspects separately: First, nodes may or may not be compromised.
If they are, they should not be used by anyone. Usually, we donât
know, so we select randomly. Of course, everybody may have more
or less reason to trust individual operators or notâmy previous
posts are unrelated to such reasoning. Second, the *path* to a
node may or may not be compromised. Depending on where you live
and where you connect to the Internet, different expectations
apply. This is the case Iâm talking about. If I expect a path to
be compromised then I donât want to use entry nodes that must use
that path. I donât care whether those nodes are compromised or
not, they are out of scope. Note that based on this criterion,
Iâm probably using different guard nodes when I connect to the
from different places.
To sum up: One-size-fits-all is not the best approach for node
So far, Iâve been arguing from a German perspective. Letâs change
Assume that you live under an oppressive regime that monitors
everything in your own country, and you use Tor to anonymize your
communication. You must make sure that you always communicate via
foreign servers with your compatriots; otherwise, both ends of the
torified traffic are monitored in your country, and Tor fails.
You cannot avoid that your communication with your entry guard is
stored and analyzed. Now, if Torâs standard path selection ever
chooses an exit node in your own country then also the exitâs
communication is stored and analyzed, and Tor fails. Thus, you must
avoid national exits. And you must avoid foreign exits with boomerang
routes into your own country. (Itâs less obvious whether you should
avoid national guards. Although those are monitored in your country
they offer protection against foreign adversaries if you care about
Finally, if you did not do so already ;) please re-read the previous
paragraph and pretend that I wrote âdemocratic governmentâ instead of
One-size-fits-all is not the best approach for node selection.
tor-talk mailing list