commit acda1735fd62a8e2c90d6525049bc583f6049940 Author: Mike Perry mikeperry-git@fscked.org Date: Mon Sep 17 18:45:10 2012 -0700
Disable Guard usage for Tor2webMode.
Tor2webMode is fingerprintable by hidden services through repeated usage of the same three guard nodes for its rend and intro points. --- changes/bug6866 | 4 ++++ src/or/config.c | 16 ++++++++++++++++ 2 files changed, 20 insertions(+), 0 deletions(-)
diff --git a/changes/bug6866 b/changes/bug6866 index 561676b..ee1e571 100644 --- a/changes/bug6866 +++ b/changes/bug6866 @@ -2,3 +2,7 @@ - Convert an assert in the pathbias code to a log message. Assert appears to only be triggerable by Tor2Web mode. Fixes bug 6866; bugfix on 0.2.3.17-beta. + - Disable the use of Guard nodes when in Tor2WebMode. Guard usage + by Tor2Web clients allows hidden services to identity tor2web + clients through their repeated selection of the same rendezvous + and introduction point circuit endpoints (their guards). diff --git a/src/or/config.c b/src/or/config.c index 4557853..c77f7fb 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -2522,6 +2522,22 @@ options_validate(or_options_t *old_options, or_options_t *options, options->LearnCircuitBuildTimeout = 0; }
+ if (options->Tor2webMode && options->UseEntryGuards) { + /* Tor2WebMode is incompatible with EntryGuards in two ways: + * + * - Tor2WebMode uses its guard nodes as rend and intro points. + * This makes tor2web users fingerprintable by their continued + * selection of the same 3 nodes for these circuits (their guard + * nodes). + * + * - Tor2WebMode makes unexpected use of circuit path lengths + * in ways that prevent us from applying the PathBias defense. + */ + log_notice(LD_CONFIG, + "Tor2WebMode is enabled; disabling UseEntryGuards."); + options->UseEntryGuards = 0; + } + if (!(options->LearnCircuitBuildTimeout) && options->CircuitBuildTimeout < RECOMMENDED_MIN_CIRCUIT_BUILD_TIMEOUT) { log_warn(LD_CONFIG,