5 Sep
2018
5 Sep
'18
4:14 p.m.
There are so many edge cases for this check.
Flags are a *recommendation* to clients. They don't force clients to behave a certain way.
For example:
- clients connecting via bridges can use a middle node as their second hop. These middle nodes will leak bridge addresses via nyx.
- clients and relays can have different consensuses:
- if a relay loses the Guard flag, and finds out earlier than its clients, nyx will stop protecting those clients
- if a client finds out before the relay, nyx won't protect those clients
- some Tor client versions don't check the guard flag at all. Others keep their guards, even if they lose the flag
- middle and exit relays can be used as bridges, even if they don't set BridgeRelay
- older Tor versions have a non-zero probability of choosing any relay as an entry, even if it doesn't have the guard flag
- various config options make tor clients ignore the Guard flag
Please only show an IP if the relay is already public in the consensus.
Thanks teor, great point. Will do: https://trac.torproject.org/projects/tor/ticket/27475