On 5 Jan 2017, at 09:34, nusenu nusenu@openmailbox.org wrote:
Hi,
is there a possibility to blacklist guard relays (only in that position) from a client perspective? I didn't find one in the torrc man page.
No, there is no option to exclude Guards. Only EntryNodes, which is a list of Guards to use.
It is generally a bad idea to create custom tor client footprints by excluding relays but maybe it is less bad to exclude a certain relay just in the guard position than to exclude it completely via ExcludeNodes + StrictNodes since guards are used for a longer timeperiod.
Guards (and Directory Guards) are the only nodes identifiable from unencrypted traffic (IP headers), so they can be used to fingerprint a client more readily than nodes in other positions.
But the fingerprinting risk also depends on how many guards you exclude.
(In 0.2.8 and later, all client directory fetches are encrypted. In 0.2.7 and earlier, most client directory fetches are encrypted.)
T
-- Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmpp: teor at torproject dot org ------------------------------------------------------------------------