s7r
Why do you think this is a good setup, what do you think it provides in addition to the default usage?
I thought this would let you blend your traffic in and hide it from your ISP; however, as you mentioned later, this may not be worth the risk (if it's of any benefit at all). Also, a vanguards guide mentioned that you could reuse TCP connections of other users: https://github.com/mikeperry-tor/vanguards/blob/master/README_SECURITY.md#th...
If you use a bridge hosted on the same machine, or on the same LAN, it will connect to the Tor network just fine, but every circuit will select hops #2 and #3 (the exit) at random. After N circuits, there is a 100% probability you might run into a malicious hop #2 or hop #3, or even both at the same time, discovering "your entry point" (...) it's something Tor tries really, really hard to protect you from.
That is brilliant, yes, I thought there would be something implicit in the way Tor circuits are designed that wouldn't work with this setup. This now makes perfect sense. That is conclusive to me.
If you make this bridge public (other Tor users use it too), it provides better protection and fingerprinting for hops #2 and #3, but your ISP will then know which Tor traffic is yours and which is relayed for other Tor users, because it will simply measure the bandwidth in both directions (in and out).
You don't think that blending your traffic with other users "at the source address" (for example by running a middle/entry node) adds at least some layer of obscurity (protection from the ISP)? I am wondering if it wouldn't be an argument to convince all Tor users to also run their own relays to increase protection of their own anonymity against their ISPs? This blending was hinted at for hidden services, at least, in the guide to vanguards I linked above: https://github.com/mikeperry-tor/vanguards/blob/master/README_SECURITY.md#th...
The studies are everywhere, and it's one of the most important attacks that were tested. Search for why we switched to static Guards (entry points).
Yes, I saw it mentioned a few times that entry nodes don't change as often as the other two hops to minimize the chances of getting a malicious one, but I didn't make the association in my setup, which you made now; thanks again.
You are better off using a bridge operated by you but on a different network, maybe in a different geographic area, to make it harder for an observer (e.g. by having to watch multiple different places at once).
Yes, that was my conclusion as well and likely not just one bridge but a fleet of bridges from trusted hosting companies. That's much more work.
use a bridge that is shared with other users
completely agree
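The argument above, that a self-hosted first hop re-rolls your exposure on every circuit while a static guard fixes it once, can be made concrete with a small probability model. The following is an added illustration, not code from either participant and not Tor's actual path-selection algorithm: it assumes relays are chosen uniformly (real Tor weights by bandwidth and consensus flags) and that an adversary controls a fraction `f` of the relays that can appear as hop #2. The names `f`, `n`, `p_exposed_self_hosted_bridge` and friends are the example's own.

```python
"""Self-hosted bridge as hop #1 versus a static guard: exposure over n circuits.

Constructed model (an assumption for illustration, not Tor's real path selection):
relays are picked uniformly, a fraction f of them is adversary-controlled, and the
client builds n circuits.

- Self-hosted bridge / rotating entry: hop #1 is always your own machine (or a
  fresh random relay each circuit, as in pre-guard Tor). A malicious hop #2 sees
  your real address as its predecessor, so you are exposed if ANY of the n
  circuits draws a malicious hop #2.
- Static guard: hop #1 is one randomly chosen guard kept for all n circuits. A
  malicious hop #2 only learns the guard's address, so exposure requires the guard
  itself to be malicious, independent of n.
"""
import math
import random


def p_exposed_self_hosted_bridge(f: float, n: int) -> float:
    """P(at least one of n independent hop-#2 draws is malicious)."""
    return 1.0 - (1.0 - f) ** n


def p_exposed_static_guard(f: float, n: int) -> float:
    """Exposure is decided once, when the guard is chosen; n does not matter."""
    return f


def circuits_until_exposure(f: float, target: float = 0.99) -> int:
    """Smallest n for which the self-hosted-bridge setup reaches P(exposed) >= target."""
    return math.ceil(math.log(1.0 - target) / math.log(1.0 - f))


def simulate(f: float, n: int, trials: int, seed: int = 1) -> tuple[float, float]:
    """Monte Carlo check of the two closed forms over `trials` independent users."""
    rng = random.Random(seed)  # fixed seed so the result is reproducible
    bridge_hits = 0
    guard_hits = 0
    for _ in range(trials):
        # Self-hosted bridge: a fresh hop #2 on every one of the n circuits.
        if any(rng.random() < f for _ in range(n)):
            bridge_hits += 1
        # Static guard: a single draw covers the whole guard lifetime.
        if rng.random() < f:
            guard_hits += 1
    return bridge_hits / trials, guard_hits / trials


if __name__ == "__main__":
    f, n = 0.05, 100  # assumed adversary share and number of circuits
    print(f"self-hosted bridge, {n} circuits: "
          f"{p_exposed_self_hosted_bridge(f, n):.4f}")
    print(f"static guard,       {n} circuits: "
          f"{p_exposed_static_guard(f, n):.4f}")
    print(f"circuits until 99% exposure (bridge): {circuits_until_exposure(f)}")
    print("monte carlo (bridge, guard):", simulate(f, n, 20_000))
```

With the assumed 5% adversary share, the self-hosted-bridge setup is almost certainly exposed by the 90th circuit, whereas the static-guard client stays at the one-off 5% risk no matter how many circuits it builds. That gap is the reason Tor moved from a fresh entry per circuit to long-lived guards, and it is exactly what a first hop that is "you" throws away.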