<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 1/9/2013 4:41 AM, Konstantinos
Asimakis wrote:<br>
</div>
<blockquote
cite="mid:CAOg8jqry0F0PE6_=LHyJF19ZPsTmRg-CoONNU8y=6T1toErTCg@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_extra" style="">First of all, AFAIK, bridge
relays act as entry guards, meaning they *replace* the first
step of your tor circuits, they don't extend them to 4 nodes.
With that in mind you might be able to do this:</div>
<div class="gmail_extra" style=""><br>
</div>
<div class="gmail_extra" style="">your client -> bridge
(obfuscated or not) -> tor node B -> tor node C ->
whatever (clearnet / introduction points for your service)</div>
<div class="gmail_extra"><br>
</div>
<div class="gmail_extra" style="">If you host a hidden service,
a compromised bridge on the above circuit will make you
vulnerable to timing attacks whether you hand-pick trusted
nodes for B&C or not.</div>
<div class="gmail_extra" style=""><br>
</div>
<div class="gmail_extra" style="">Also in general when you talk
about a guard node, you mean a node that you connect directly
to for your first hop on a circuit. It doesn't make sense to
talk about guard nodes in the middle of the circuit, you don't
really care if those are compromised or not since they don't
see your IP.</div>
<div class="gmail_extra"><br>
</div>
<div class="gmail_extra" style="">So another idea would be to
use Tor through Tor which unfortunately doesn't increase your
anonymity much since timing attacks will still work the same
way (maybe they will take a little longer to pull off though
but your hidden service will be harder to reach too).</div>
<div class="gmail_extra" style=""><br>
</div>
<div class="gmail_extra" style="">That being said you can choose
your entry guards with the EntryGuards torrc command and
the StrictNodes commands which you can find in the <a
moz-do-not-send="true"
href="https://www.torproject.org/docs/tor-manual.html.en">Tor
Manual</a></div>
<div class="gmail_extra" style=""><br>
</div>
<div class="gmail_extra" style="">If you are super paranoid you
could add more latency to the connection between you and the
hidden service server. For example you could rent a server
anonymously in another country to host your hidden service,
and only access that server using Tor from a random public
WiFi and only for short durations (like just reuploading
changed html code) using actually trusted entry nodes. This
way even if they manage to find where the hidden service is
located they will have to also start a separate attack to find
where you are connecting to this server from. And if they find
where you do connect from (which will take considerable time
probably) you might have even switched to another public WiFi
by that time. Also who are "they" in this case? Cause we are
talking about an investigation that spans a ton of countries
just to find you. I honestly believe this is overkill. If you
need that much security then maybe Tor isn't for you.</div>
<div class="gmail_extra" style=""><br>
</div>
<div class="gmail_extra" style="">Cheers.<br>
</div>
</div>
</blockquote>
For our purposes, "they" can remain undefined.<br>
<br>
There are plenty of "they"s to pick from, what with illegal NSA
wiretapping, various alphabet soup brigades targeting their own
citizens, staggeringly escalated mandatory data retention, new
anti-piracy techniques and legal precedents that allow various
copyright owners to attack their own customers and clients, the list
goes on and on.<br>
<br>
And that's just the USA. Once you include things like
publicly admitted cooperative domestic espionage between allied
countries, and other foreign powers such as China, Russia, North
Korea, and just about every Arab country in existence, there are a
multitude of "they"s to be cautious about.<br>
<br>
Though, speaking as someone with an anarchist cypherpunk bent, I
don't really need an excuse to take whatever precautions are
available to me, seeing as any sort of activism or participation in
social movements would cause me to be a political target.<br>
<br>
The only reason I'm posting here at all is because I do not think I
am yet a target valuable enough to actually pursue.<br>
<br>
When I say "entry guards" I mean entry guards from the perspective
of a tor node acting as a client.<br>
<br>
Am I mistaken in believing that a tor bridge relay acts as a client
on behalf of the actual tor client behind it?<br>
<br>
Or does the short list of bridge relays act as entry guards, and
connect to other tor relays as the first hop tor relay?<br>
</body>
</html>