[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Network diversity [was: Should I warn against Tor?]

On Sa, Jul 20 2013, Jens Lechtenboerger wrote:
On Fr, Jul 19 2013, Gregory Maxwell wrote:
On Fri, Jul 19, 2013 at 10:03 AM, Jens Lechtenboerger <tortalk@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
but going much further than that may well decrease your security.

How, actually? Iâm aware that what Iâm doing is a departure from network diversity to obtain anonymity. Iâm excluding what I consider unsafe based on my current understanding. It might be that in the end Iâll be unable to find anything that does not look unsafe to me. I donât know what then.

Because you're lowering the entropy of the nodes you are selecting maybe all the hosts themselves are simply NSA operated, or if not now, they be a smaller target to compromise.

I donât buy the entropy argument. If the NSA compromises Tor nodes, wouldnât they target as many nodes as possible, regardless of guard selection strategies? Note that Iâm avoiding guards that they can monitor without having compromised them.

Let me expand upon that one. Actually, Iâd like to consider two aspects separately: First, nodes may or may not be compromised. If they are, they should not be used by anyone. Usually, we donât know, so we select randomly. Of course, everybody may have more or less reason to trust individual operators or notâmy previous posts are unrelated to such reasoning. Second, the *path* to a node may or may not be compromised. Depending on where you live and where you connect to the Internet, different expectations apply. This is the case Iâm talking about. If I expect a path to be compromised then I donât want to use entry nodes that must use that path. I donât care whether those nodes are compromised or not, they are out of scope. Note that based on this criterion, Iâm probably using different guard nodes when I connect to the Internet
from different places.

To sum up: One-size-fits-all is not the best approach for node

So far, Iâve been arguing from a German perspective.  Letâs change

Assume that you live under an oppressive regime that monitors
everything in your own country, and you use Tor to anonymize your
communication.  You must make sure that you always communicate via
foreign servers with your compatriots; otherwise, both ends of the
torified traffic are monitored in your country, and Tor fails.
You cannot avoid that your communication with your entry guard is
stored and analyzed.  Now, if Torâs standard path selection ever
chooses an exit node in your own country then also the exitâs
communication is stored and analyzed, and Tor fails.  Thus, you must
avoid national exits.  And you must avoid foreign exits with boomerang
routes into your own country.  (Itâs less obvious whether you should
avoid national guards.  Although those are monitored in your country
they offer protection against foreign adversaries if you care about

Finally, if you did not do so already ;) please re-read the previous
paragraph and pretend that I wrote âdemocratic governmentâ instead of
âoppressive regime.â

One-size-fits-all is not the best approach for node selection.

Best wishes
tor-talk mailing list