bjewrn2a--- via tor-relays wrote:
Is there any documentation on self-hosting a bridge at home and using it for your own connections? I am trying to understand why this isn't a recommended setup. Would it lead to de-anonymization? Why/how much?
- your traffic blends with other users directly via the same connection
- other users use your bridge on a regular basis together with you and your hidden services
- ISP monitoring of your exact connection times is made harder (not sure how much exactly)
I don't understand why hosting a bridge outside of your geographic location is necessary.
Is it a problem that the first hop is from your own IP address if the other two hops are external? Were there any studies or similar questions asked before? I couldn't find anything.
I can't find help anywhere, so would appreciate any advice
Why do you think this is a good setup, what do you think it provides in addition to the default usage?
Example: a significant number of attacks (because servers in the Tor network by design are not blindly trusted) are reduced by making the first hop in the Tor network (Guard, or bridge in case bridges are used) static for a certain period of time. Tor tries as hard as possible not to change this entry point randomly every time, for good reasons.
If you use a bridge hosted on the same machine, or on the same LAN, it will connect to the Tor network just fine, but every circuit will select hops #2 and #3 (the exit) randomly. After N circuits, there is a 100% probability you might run into a malicious hop #2 or hop #3, or even both at the same time, discovering "your entry point" - the IP address where you connect from. N might not be a small number of course, but it's VERY scary and a huge problem anyway, so it's something Tor tries really, really hard to protect you from.
If you make this bridge public (other Tor users use it too), it provides better protection and fingerprinting for hops #2 and #3, but your ISP will then know which Tor traffic is yours and which is relayed for other Tor users, because it will simply measure the bandwidth in both directions (in and out).
The studies are everywhere, and it's one of the most important attacks that were tested. Search for why we switched to static Guards (entry points).
You are better off using a bridge operated by you but on a different network, maybe in a different geographic area, to make it harder for an observer (e.g. they have to watch multiple different places at once). I'm not sure if there are any clear studies about how much more likely de-anonymization is if you use a bridge that is not public (PublishServerDescriptor 0 in torrc) and only you use it, but my humble opinion, which you should not take as advice but rather verify for yourself, is to use a bridge that is shared with other users.