[tor-dev] design for a Tor router without anonymity compromises

coderman coderman at gmail.com
Mon May 4 20:45:53 UTC 2015

On 5/4/15, Leif Ryge <leif at synthesize.us> wrote:
> ...
> So, unlike a transparent tor router, this system is not intended to prevent
> malicious software on client computers from being able to learn the client
> computer's location, right?

hello Leif!

this deserves a longer answer, but you're right. if the attacker is
using Tor itself a Tor enforcing gateway can't protect against those

DNS leaks, UDP exfil (like the MAC leaking attacks), Flash based proxy
bypass.  these types of attacks can be stopped and warned about.

a malicious relay, a malicious hidden services, at the network level a
Tor enforcing router can't discriminate or help here.

> An attacker who has compromised some client
> software just needs to control a single relay in the consensus, and they'll
> be allowed to connect to it directly?

you don't even need to control a relay, this could be performed via
hidden service, as well.

> It is unclear to me what exactly this kind of tor router *is* supposed to
> protect against. (I haven't read the whole document yet but I read a few
> sections including Threat Model and I'm confused.)

i will clarify to make this more apparent.

best regards,

More information about the tor-dev mailing list