[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] What is mean "Guard context default"

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] What is mean "Guard context default"
From: Roger Dingledine <arma@xxxxxxx>
Date: Sat, 4 Nov 2017 16:02:04 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 04 Nov 2017 16:02:24 -0400
In-reply-to: <CABVYe1E1sFpqSNJsc5-TMdpaTmZt6UKYUyznSokJZayOOnyB-g@mail.gmail.com>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <CABVYe1E1sFpqSNJsc5-TMdpaTmZt6UKYUyznSokJZayOOnyB-g@mail.gmail.com>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mutt/1.8.2 (2017-04-18)

On Sat, Nov 04, 2017 at 04:32:48PM +0200, Andre Wingor wrote:
> I'm under harassment, always under watching. At several year I have
> accumulated a collection of bad (aggressive) tor hosts and networks.I
> append those to torrc
> https://goo.gl/XKdEoT (google docs)

You're probably not doing yourself any favors by building a huge list of
addresses that you do and don't want to use. Tor does indeed have a lot
of config knobs you can turn, but you're probably not helping yourself
by this kind of setup.

> It always worked, but today it broke. I can't change first gateway
> (5.189.164.230) despite the fact that it is explicitly prohibited by
> the ExcludeExitNodes rule (forbidden all 5.0.0.0/8).

Tor circuits typically consist of three relays. The first is your
guard (what I think you call the 'first gateway'), and the last is
your exit. The ExcludeExitNodes config option does not affect your
guard choice.

> It's a hostile host-agent. It turn up my requests through a hostile territory.

Part of the strength of Tor is the variety of possible points your traffic
might traverse, which makes it hard for an attacker to predict where on
the Internet they need to watch.

But more importantly here, it is very unlikely that your entry guard is
deciding what exit to use for you.

> https://goo.gl/sbWMTo (png image)
> Why the ExcludeExitNodes is not working and what is a simple way for
> reliably control that?

Well, first of all, the exit relays that you think are in the Ukraine
are not in the Ukraine. One is in Germany:
https://atlas.torproject.org/#details/AF8A3EE078EB81338461F178DBE5CA7E62566FCE
And another is in Sweden:
https://atlas.torproject.org/#search/193.15.16.4

Google is mistaken about where these IP addresses are:
https://lists.torproject.org/pipermail/tor-talk/2017-June/043269.html

But second of all, maybe I'm misreading it, but do I see in your gmail
history that you're logging in via Chrome? If you're at all under threat,
using Chrome rather than Tor Browser is a terrible move:
https://www.torproject.org/projects/torbrowser/design/

--Roger

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] What is mean "Guard context default"
  - From: Andre Wingor

References:
- [tor-talk] What is mean "Guard context default"
  - From: Andre Wingor

Prev by Author: Re: [tor-talk] TBB as main browser: persistent logins to trusted sites?
Next by Author: Re: [tor-talk] [tor-announce] Tor Browser 7.0.9 is released
Previous by thread: [tor-talk] What is mean "Guard context default"
Next by thread: Re: [tor-talk] What is mean "Guard context default"
Index(es):
- Author
- Thread