[tor-bugs] #33648 [Core Tor/Tor]: vanguards: What is the recommended value?

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed May 13 07:34:05 UTC 2020 

#33648: vanguards: What is the recommended value?
--------------------------+----------------------------------
 Reporter:  cypherpunks   |          Owner:  mikeperry
     Type:  task          |         Status:  assigned
 Priority:  Medium        |      Milestone:  Tor: unspecified
Component:  Core Tor/Tor  |        Version:
 Severity:  Normal        |     Resolution:
 Keywords:  vanguards     |  Actual Points:
Parent ID:                |         Points:
 Reviewer:                |        Sponsor:
--------------------------+----------------------------------

Comment (by mikeperry):

 Replying to [comment:8 Thernet]:
 > Replying to [comment:5 mikeperry]:
 > > Q1 - Smaller values for max circuit age may make you stand out a
 little.
 >
 >
 > "Circuit Fingerprinting Attacks: Passive Deanonymization of Tor Hidden
 Service"
 > ISBN 978-1-939133-11-3
 >
 > {{{
 > First, all circuits should have **similar lifetime**.
 > Client IP and hidden service IP lasts either a **very short or very long
 time**,
 > and this is **very identifying**.
 > }}}
 >
 > Vanguards' circ_max_age_hours makes you unique. Are you sure this
 configurable parameter is safe to use for everyone?

 The max is meant to be set waaayyy beyond onion service setup times -- as
 in hours or days. And it is a max. If a circuit is closing for other
 reasons, it does not keep it open. Our circuit padding defense handles
 this, though.

 I do not think this is extremely fingerprintable, but it is noticeable at
 the guard in cases where your circuits do live this long and they get
 closed at exactly this time. It is arguable that maybe we should randomize
 this so we don't close on exactly this value, but it is also meant to be
 used as a safeguard against *really* long circuits, as in day-long or
 longer, since at that point intermeditate TLS connections may rotate and
 expose you to traffic analysis risks due to that.

 Note that vanguards does not attempt to conceal its presence from client,
 local, or guard adversaries -- it is possible for both adversaries to
 determine you are using the addon. This is documented in the security
 document: https://github.com/mikeperry-
 tor/vanguards/blob/master/README_SECURITY.md

 Search that document for vanguards for details. It is possible to tune
 some of those things to be less noticable, but at the end of the day,
 using 3 middles after your guard will be visible to your guard, unless you
 start spamming and try to look like a web crawler or something. Or we
 develop a circuit padding defense to conceal this.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33648#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list