[tor-dev] Update on 259

Tim Wilson-Brown - teor teor2345 at gmail.com
Thu Apr 7 21:04:36 UTC 2016

> On 7 Apr 2016, at 23:53, George Kadianakis <desnacked at riseup.net> wrote:
> Here is a non-smart thing we could do: We could prepopulate our sampled guards
> list with all the possible guard types. So we include an 80/443 bridge and an
> IPv6 bridge and an IPv6 bridge that is also on 80/443, and any other thing we
> can think of. Unfortunately, this would greatly reduce the diversity of our
> guard list since there can't be too many guards that are IPv6 and on 80/443,
> and in the end most clients will end up using the same guards.
> It might be a good idea to enumerate the guards for each possible filter we
> will add, and then calculate their guard probabilities, to see how likely it is
> to randomly choose a guard of that type. If we have filters were there is only
> 1% probability of picking a bridge of the right type, then these "your current
> network settings make it impossible for us to safely choose an entry guard"
> messages might appear more frequently than we would like.

This sounds very much like ticket #17849.
On that ticket, I suggest we use the current IPv4 FascistFirewall proportion as a guide to when we should warn the user.
But we never considered failing closed in these circumstances: what if the user just wants circumvention, and not anonymity?


Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP 968F094B

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20160408/89a65a9f/attachment.sig>

More information about the tor-dev mailing list