On Sun, Jul 26, 2015 at 04:48:37PM +0000, Yawning Angel wrote:
If the relay's IP is constantly changing significantly faster than the Guard rotation interval (needs more numbers here), I'm not sure if they make great Guards, but this is an arma/asn type question since they think more about Guards than I do.
I've been thinking about this one since the thread started. Changing IP addresses "a little bit" isn't so bad. But if a Guard shifts to another place on the Internet, often, this would actually be quite bad. The reason is that clients who use that relay as their guard will effectively shift their paths with it, giving network-level adversaries (as compared to relay-level adversaries) more chances over time to see their traffic. From the perspective of the network-level adversary, it's as though the users are choosing a new guard each time their guard shifts location.
For much more discussion of this point, see https://blog.torproject.org/blog/improving-tors-anonymity-changing-guard-par... including the paragraph "Rather than running a guard relay and waiting for the user to switch to it, the attacker should instead monitor as many Internet links as he can, and wait for the user to use a guard such that traffic between the user and the guard passes over one of the links the adversary is watching."
I wonder how many guards shift location significantly across the Internet, and how often?
--Roger