[tor-dev] Setting NumEntryGuards=2

intrigeri intrigeri at boum.org
Wed Mar 21 10:05:39 UTC 2018


Mike Perry:
> 2. Guard fingerprintability is lower with one guard

> An adversary who is watching netflow connection records for an entire
> area is able to track users as they move from internet connection to
> internet connection through the degree of uniqueness of their guard
> choice. There is much less information in two guards than three, but
> still significantly more than with one guard:
> https://trac.torproject.org/projects/tor/ticket/9273#comment:3

> But, even with one guard, if there are not very many Tor users in your
> area, you still may be trackable. "Guard bucket" designs are discussed
> on the blog post and in related tickets, but they are complicated and
> involve tricky tradeoffs (see
> https://trac.torproject.org/projects/tor/ticket/9273#comment:4). The
> best solution that I see to this is to make Tor maintain separate guard
> choices depending on the current SSID, BSSID, or default gateway router
> MAC from ARP. The default gateway ARP MAC is probably easiest for us to
> implement cross-platform and stable across wifi to ethernet.

FWIW we at Tails started working on this topic a couple years
ago. We came up with a (far from perfect) plan that is documented
there: https://tails.boum.org/blueprint/persistent_Tor_state/
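
An added illustration of the guard-uniqueness argument quoted above, not code from this thread or from Tor: a toy model that assumes every client picks its guards uniformly at random (real Tor weights guards by bandwidth). The relay and user counts are constructed.

```python
"""Toy model of guard-set uniqueness (added example; not Tor code).

Assumption: each client picks k guards uniformly at random from
n_guards relays. Real Tor weights guards by bandwidth, so popular
guards identify a user less and rarely chosen guards identify more.
"""
from math import comb, log2


def guard_set_bits(n_guards, k):
    """Upper bound on the information (bits) in an unordered set of k guards."""
    return log2(comb(n_guards, k))


def p_unique(n_guards, k, users):
    """Probability that no other user in the observed area picked the
    same guard set as a given user."""
    return (1.0 - 1.0 / comb(n_guards, k)) ** (users - 1)


def expected_sharers(n_guards, k, users):
    """Expected number of other local users with the identical guard set."""
    return (users - 1) / comb(n_guards, k)


def report(n_guards, user_counts):
    """One row per (k, users): bits, P(unique), expected sharers."""
    rows = []
    for k in (1, 2, 3):
        for users in user_counts:
            rows.append((k, users,
                         guard_set_bits(n_guards, k),
                         p_unique(n_guards, k, users),
                         expected_sharers(n_guards, k, users)))
    return rows


if __name__ == "__main__":
    N_GUARDS = 2000                 # constructed relay count
    LOCAL_USERS = [100, 10_000]     # constructed Tor users in one area
    print(" k  users   bits  P(unique)  E[sharers]")
    for k, users, bits, p, share in report(N_GUARDS, LOCAL_USERS):
        print(f"{k:2d} {users:6d} {bits:6.1f} {p:10.4f} {share:11.4f}")
```

With few local users the single-guard row is still mostly unique, which is the case the per-network guard state proposal addresses.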

