[tor-dev] design for a Tor router without anonymity compromises
coderman at gmail.com
Mon May 4 20:45:53 UTC 2015
On 5/4/15, Leif Ryge <leif at synthesize.us> wrote:
> So, unlike a transparent tor router, this system is not intended to prevent
> malicious software on client computers from being able to learn the client
> computer's location, right?
this deserves a longer answer, but you're right. if the attacker is
using Tor itself a Tor enforcing gateway can't protect against those
DNS leaks, UDP exfil (like the MAC leaking attacks), Flash based proxy
bypass. these types of attacks can be stopped and warned about.
a malicious relay, a malicious hidden services, at the network level a
Tor enforcing router can't discriminate or help here.
> An attacker who has compromised some client
> software just needs to control a single relay in the consensus, and they'll
> be allowed to connect to it directly?
you don't even need to control a relay, this could be performed via
hidden service, as well.
> It is unclear to me what exactly this kind of tor router *is* supposed to
> protect against. (I haven't read the whole document yet but I read a few
> sections including Threat Model and I'm confused.)
i will clarify to make this more apparent.
More information about the tor-dev