[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Regarding FAQ: "Do I get better anonymity if I run a relay?"

From the Tor FAQ:

> "Do I get better anonymity if I run a relay?
> Yes, you do get better anonymity against some attacks.
> The simplest example is an attacker who owns a small number of Tor
> relays. He will see a connection from you, but he won't be able to
> know whether the connection originated at your computer or was
> relayed from somebody else."

I'm wondering if this is actually the case.  First, your client will
connect to an Entry Guard.  From the Guard's perspective, isn't it
almost guaranteed that if he sees a connection, it is from a client and
not traffic that has been relayed?  Further, if your own relay does not
have the Guard flag, isn't that 100% confirmation that the traffic
originated from your client?  I'm not sure if there is a special case
concerning hidden services, where it is possible an Entry Guard might be
chosen as perhaps the 3rd hop.

On the other hand, as a relay without either the Guard or Exit flags, an
Exit will always know that the traffic it receives from you has been
relayed.  The only case where it seems like you *might* get better
anonymity is if your relay is one of the ~25% of relays with the Guard
flag.  I speculate that few of these relays are located in people's
homes, so to gain this boost in anonymity one would have to configure
their own relay to be their Entry Guard. (?)

Next, in the Tor manual regarding FastFirstHopPK:

> "When this option is disabled, Tor uses the public key step for the  >
first hop of creating circuits.
> ...
> Note that Tor will always use the public key step for the first hop  >
if it’s operating as a relay, and it will never use the public key   >
step if it doesn’t yet know the onion key of the first hop. (Default: > 1)"

This seems to indicate that, by default, clients behave differently than
relays.  I may be mistaken (and I can't find a source for this), but I
thought it was not recommended to use the same instance of Tor for both
your relay and your client. (?)  In either case, if you have a separate
client, wouldn't you have to disable FastFirstHopPK in order to blend in
with your relay?

I appreciate any insights given regarding the above.

Attachment: signature.asc
Description: OpenPGP digital signature

tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsusbscribe or change other settings go to