[tor-dev] Proposal 271: Another algorithm for guard selection

Spencer spencerone at openmailbox.org
Tue Jul 26 17:53:04 UTC 2016


> Nick Mathewson:
> uniformly at random

What does this mean!

> an adversary who had (k/N) of the network would deanonymize
> F=(k/N)^2 of all circuits...
> and after a given user had built C circuits, the attacker
> would see them at least once with probability 1-(1-F)^C.
> With large C, the attacker would get a sample of every
> user's traffic with probability 1.

Probabilistic risk analysis (imaginary math).

> To prevent this from happening, Tor clients choose a small
> number of guard nodes (currently 3)

Except that imaginary math cannot prevent anything XD

> we can't continue to connect to the Tor network
> unconditionally.

The conditions set herein create a hierarchical system of trust amongst 
the guards, potentially reducing the likelihood that the selected guards 
are malicious, correct?

> Tor should make a best attempt at discovering

You mean *deciding*.

> appropriate behavior, with as little user input and
> configuration as possible.

How can Tor know what the users wants?

And, when it comes to what the software does, how do you bridge/close 
the gap of understanding between those using and those working on Tor?


More information about the tor-dev mailing list