> Date: Fri, 08 May 2015 09:23:19 +0200
> From: Lars Luthman <mail@xxxxxxxxxxxxxxx>
>
> On Thu, 2015-05-07 at 23:34 +0000, Nathaniel Goodman wrote:
>> Hello,
>>
>> Around here all devices and usual guests use tor. This of course
>> generates many direct connections to the tor network.
>>
>> We were wondering if there would be any negative (privacy)
>> implications from running a private bridge inside the LAN to which all
>> the devices around here would then connect instead of making a direct
>> connection to the network.
>
> I've thought of using a similar setup on local networks - configuring
> the main router to run a private Tor bridge and blocking all other
> traffic. The problem with this is that every normal circuit only gets
> two hops out on the internet - your private bridge is the first hop, and
> then there's a middle hop and an exit on the internet. Also, since the
> private bridge would be the guard node and it is on your local network,
> the first hops out on the internet would change much more frequently
> than if you didn't use the private bridge but connected to guard nodes
> out on the internet. Both of these properties may reduce the anonymity
> of Tor users on your local network.
>
> These problems would be avoided if
>
> a) Tor treated all bridges as a 'zeroth hop' and built three-hop
>    circuits _after_ the bridge, with the first hop being chosen
>    using the normal guard selection algorithm, or
>
> b) There was a special 'local bridge' type which, when used,
>    forced the client to build four-hop circuits with the above
>    properties.
>
> I don't think there's any way of achieving any of those without
> modifying Tor.

The standard way of achieving this is to have multiple Tor browsers configured to connect via SOCKS to a shared Tor client on the LAN. This client has one set of connections, descriptors and caches, and 1-3 guards. This saves bandwidth and connections.
However, there is a small risk of increased linkability via timing attacks on a shared hidden service cache - one user gets a hidden service faster if another user has recently used it. See https://trac.torproject.org/projects/tor/ticket/15938

There is also the risk of non-encrypted SOCKS connections being observed on your LAN. However, any unencrypted connections could be observed between the Tor exit and website anyway.

There may be other security implications of a shared Tor client. However, in my understanding, the loss of a guard node with a shared Tor bridge has known serious security implications.

Also, the increase in outgoing connections from a local bridge could very likely make your issue with the number of outgoing connections worse, not better. This depends on the number of Tor users you have - a bridge could make a connection to each of up to 5000 relays - do you have 1000 users using Tor simultaneously?

teor
teor2345 at gmail dot com
pgp 0xABFED1AC https://gist.github.com/teor2345/d033b8ce0a99adbc89c5
teor at blah dot im
OTR D5BE4EC2 255D7585 F3874930 DB130265 7C9EBBC7
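A concrete form of the shared-client setup teor describes, added here as an example and not taken from the thread: a torrc for one Tor client running on the LAN gateway, which the Tor Browsers on the LAN then use over SOCKS instead of each running their own tor. The gateway address 192.168.1.1 and the LAN range 192.168.1.0/24 are assumptions.

```conf
## torrc for a single shared Tor client on the LAN gateway
## (added example; 192.168.1.1 and 192.168.1.0/24 are assumed values)

## Listen for SOCKS on the LAN-facing address only, never on 0.0.0.0.
## IsolateClientAddr is the default, but it is stated here because it is
## what keeps streams from different LAN hosts on separate circuits, so
## users do not share a circuit merely because they share this client.
SocksPort 192.168.1.1:9050 IsolateClientAddr
## Keep a localhost listener for software on the gateway itself.
SocksPort 127.0.0.1:9050

## Accept SOCKS requests from the LAN only; reject everything else.
SocksPolicy accept 192.168.1.0/24
SocksPolicy reject *

## Do not expose the control port to the LAN; cookie authentication only.
ControlPort 127.0.0.1:9051
CookieAuthentication 1

## This is a plain client: no ORPort and no BridgeRelay, so it keeps the
## normal guard selection that the private-bridge design loses.
```

The SOCKS traffic between each browser and 192.168.1.1:9050 is unencrypted on the LAN, as teor notes above, so this belongs on a LAN segment you trust. The hidden service cache is still shared by everyone using this client, so the linkability risk from ticket 15938 applies unchanged.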
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk