From the Tor FAQ: https://www.torproject.org/docs/faq.html.en#BetterAnonymity

> "Do I get better anonymity if I run a relay?
>
> Yes, you do get better anonymity against some attacks.
>
> The simplest example is an attacker who owns a small number of Tor
> relays. He will see a connection from you, but he won't be able to
> know whether the connection originated at your computer or was
> relayed from somebody else."

I'm wondering if this is actually the case. First, your client will connect to an Entry Guard. From the Guard's perspective, isn't it almost guaranteed that if he sees a connection, it is from a client and not traffic that has been relayed? Further, if your own relay does not have the Guard flag, isn't that 100% confirmation that the traffic originated from your client? I'm not sure if there is a special case concerning hidden services, where it is possible an Entry Guard might be chosen as perhaps the 3rd hop.

On the other hand, as a relay without either the Guard or Exit flags, an Exit will always know that the traffic it receives from you has been relayed.

The only case where it seems like you *might* get better anonymity is if your relay is one of the ~25% of relays with the Guard flag. I speculate that few of these relays are located in people's homes, so to gain this boost in anonymity one would have to configure their own relay to be their Entry Guard. (?)

Next, in the Tor manual regarding FastFirstHopPK:

> "When this option is disabled, Tor uses the public key step for the
> first hop of creating circuits.
> ...
>
> Note that Tor will always use the public key step for the first hop
> if it’s operating as a relay, and it will never use the public key
> step if it doesn’t yet know the onion key of the first hop. (Default:
> 1)"

This seems to indicate that, by default, clients behave differently than relays.

I may be mistaken (and I can't find a source for this), but I thought it was not recommended to use the same instance of Tor for both your relay and your client. (?)

In either case, if you have a separate client, wouldn't you have to disable FastFirstHopPK in order to blend in with your relay?

I appreciate any insights given regarding the above.

-- tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk