[tor-dev] ExcludeExitNodes and ExcludeNodes but no "ExcludeEntryNodes"?

teor teor2345 at gmail.com
Mon Jan 9 22:27:59 UTC 2017


> On 5 Jan 2017, at 09:34, nusenu <nusenu at openmailbox.org> wrote:
> 
> Hi,
> 
> Is there a possibility to blacklist guard relays (only in that position)
> from a client perspective?
> I didn't find one in the torrc man page.

No, there is no option to exclude Guards.
Only EntryNodes, which is a list of Guards to use.

> It is generally a bad idea to create custom tor client footprints by
> excluding relays but maybe it is less bad to exclude a certain relay
> just in the guard position than to exclude it completely via
> ExcludeNodes + StrictNodes since guards are used for a longer time period.

Guards (and Directory Guards) are the only nodes identifiable from
unencrypted traffic (IP headers), so they can be used to fingerprint
a client more readily than nodes in other positions.

But the fingerprinting risk also depends on how many guards you
exclude.

(In 0.2.8 and later, all client directory fetches are encrypted.
In 0.2.7 and earlier, most client directory fetches are encrypted.)

T

--
Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org
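
An added example, not part of the original message and not code from the tor project: a small Python check that reads a torrc and reports the relay-selection options discussed in this thread, including an attempt to use the nonexistent ExcludeEntryNodes. The function names and the sample torrc with placeholder fingerprints are assumptions constructed for illustration.

```python
import re

def parse_torrc(text):
    """Map lowercased option name -> value; torrc option names are case-insensitive."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if line:
            parts = re.split(r"\s+", line, maxsplit=1)
            opts[parts[0].lower()] = parts[1] if len(parts) > 1 else ""
    return opts  # simplification: a repeated option keeps its last value

def count_nodes(value):
    """Count the comma-separated entries of a node list."""
    return len([n for n in value.split(",") if n.strip()])

def audit_torrc(text):
    """Report the relay-selection settings discussed in the thread."""
    opts, findings = parse_torrc(text), []
    if "excludeentrynodes" in opts:
        findings.append("ExcludeEntryNodes: not a tor option; "
                        "guards cannot be excluded by position")
    if "entrynodes" in opts:
        findings.append("EntryNodes: guards limited to %d entries; guards are "
                        "identifiable from IP headers" % count_nodes(opts["entrynodes"]))
    if "excludenodes" in opts:
        findings.append("ExcludeNodes: %d entries excluded in every position, "
                        "guard included (StrictNodes=%s)"
                        % (count_nodes(opts["excludenodes"]), opts.get("strictnodes", "0")))
    if "excludeexitnodes" in opts:
        findings.append("ExcludeExitNodes: %d entries excluded as exits only"
                        % count_nodes(opts["excludeexitnodes"]))
    return findings

# Constructed sample torrc; the fingerprints are placeholders, not real relays.
SAMPLE_TORRC = """\
EntryNodes $AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA, $BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
ExcludeNodes $CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC   # inline comment
StrictNodes 1
excludeentrynodes $DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD
"""

if __name__ == "__main__":
    for finding in audit_torrc(SAMPLE_TORRC):
        print(finding)
```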