[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] What is mean "Guard context default"

On Sat, Nov 04, 2017 at 04:32:48PM +0200, Andre Wingor wrote:
> I'm under harassment, always under watching. At several year I have
> accumulated a collection of bad (aggressive) tor hosts and networks.I
> append those to torrc
> https://goo.gl/XKdEoT (google docs)

You're probably not doing yourself any favors by building a huge list of
addresses that you do and don't want to use. Tor does indeed have a lot
of config knobs you can turn, but you're probably not helping yourself
by this kind of setup.

> It always worked, but today it broke. I can't change first gateway
> ( despite the fact that it is explicitly prohibited by
> the ExcludeExitNodes rule (forbidden all

Tor circuits typically consist of three relays. The first is your
guard (what I think you call the 'first gateway'), and the last is
your exit. The ExcludeExitNodes config option does not affect your
guard choice.

> It's a hostile host-agent. It turn up my requests through a hostile territory.

Part of the strength of Tor is the variety of possible points your traffic
might traverse, which makes it hard for an attacker to predict where on
the Internet they need to watch.

But more importantly here, it is very unlikely that your entry guard is
deciding what exit to use for you.

> https://goo.gl/sbWMTo (png image)
> Why the ExcludeExitNodes is not working and what is a simple way for
> reliably control that?

Well, first of all, the exit relays that you think are in the Ukraine
are not in the Ukraine. One is in Germany:
And another is in Sweden:

Google is mistaken about where these IP addresses are:

But second of all, maybe I'm misreading it, but do I see in your gmail
history that you're logging in via Chrome? If you're at all under threat,
using Chrome rather than Tor Browser is a terrible move:


tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to