On 9 Dec 2017, at 13:24, x9p tor@x9p.org wrote:
>> By "private guards" do you mean "bridges"? That would be a very bad idea: it would make the bridge and its onion services stand out within minutes or hours on the network, because each circuit gets a different middle node, and the nodes would not be evenly distributed.
> Sorry, I meant EntryNodes
If you block guards on an onion service, it will look different, but that might be unnoticeable for a few months. (More precisely, it's safe in proportion to the guard rotation period, divided by the number of related onion services blocking those guards, divided by the consensus weight fraction of blocked guards. We don't expect that people will do this calculation themselves, which is why we say "don't do that".)
> Would setting "ExcludeNodes + StrictNodes" with the offending/suspicious fingerprints be a better approach than firewall blocking?
No, this is much worse: it blocks these nodes for guard, middle, intro, and rend points. That's even more detectable than blocking middle nodes after a bridge.
If you must block, only block a few guards, and only short-term.
This is a hard area to get right - reducing the threat of node subsets needs more research.
T
tor-relays@lists.torproject.org