[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Update on 259



> On 7 Apr 2016, at 23:53, George Kadianakis <desnacked@xxxxxxxxxx> wrote:
> 
> Here is a non-smart thing we could do: We could prepopulate our sampled guards
> list with all the possible guard types. So we include an 80/443 bridge and an
> IPv6 bridge and an IPv6 bridge that is also on 80/443, and any other thing we
> can think of. Unfortunately, this would greatly reduce the diversity of our
> guard list since there can't be too many guards that are IPv6 and on 80/443,
> and in the end most clients will end up using the same guards.
> 
> It might be a good idea to enumerate the guards for each possible filter we
> will add, and then calculate their guard probabilities, to see how likely it is
> to randomly choose a guard of that type. If we have filters were there is only
> 1% probability of picking a bridge of the right type, then these "your current
> network settings make it impossible for us to safely choose an entry guard"
> messages might appear more frequently than we would like.

This sounds very much like ticket #17849.
On that ticket, I suggest we use the current IPv4 FascistFirewall proportion as a guide to when we should warn the user.
But we never considered failing closed in these circumstances: what if the user just wants circumvention, and not anonymity?
https://trac.torproject.org/projects/tor/ticket/17849

Tim

Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP 968F094B
ricochet:ekmygaiu4rzgsk6n



Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev