[tor-relays] torservers.net: some exits became guards? (deanonymization risk)

Paul Syverson paul.syverson at nrl.navy.mil
Thu Jun 8 12:00:50 UTC 2017


Hi Nusenu,


On Thu, Jun 08, 2017 at 09:58:00AM +0000, nusenu wrote:
> Dear Torservers,
> 
> are you aware that you have recently become a relay operator with
> end-to-end correlation (deanonymization) capabilities? (in fact you are
> the biggest known such operator)
> This is especially bad for tor clients because you are also one of the
> biggest tor exit operators.
> 
> Some of your relays which used to be exits recently became guard-only relays.
> https://nusenu.github.io/OrNetStats/endtoend-correlation-groups#httpswwwtorserversnetdonatehtml-support-a

Apologies if this is focusing on a minor point of your message or
illuminates nothing but my general tiredness/distractedness, but I
don't see how switching a relay from being an exit to being guard-only
increases correlation risk from that relay. It shouldn't be possible
to use the relay in both positions simultaneously.  And even if it
could serve as both guard and exit simultaneously, the route-selection
algorithm would preclude it being used as both ends for any
circuit. And if all torservers.net relays are properly indicated to be
from the same family, they will never be selected for both ends of a
circuit.

Potentially, a client opening multiple circuits through multiple
guards (so not using the current standard default of using a single
guard) could have some guards and some exits of concurrent circuits
run by torservers.net if they satisfy the /16 separation.
But that is generally not what is meant by 'end-to-end correlation'.

aloha,
Paul
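
Added example, not part of the message above and not Tor's own code: a simplified Python model of the three guard/exit constraints the reply names (same relay, same declared family, same /16). The relay names and addresses are constructed, the family check assumes mutual declaration, and only IPv4 is handled.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Relay:
    fingerprint: str                  # constructed short names, not real fingerprints
    address: str                      # IPv4 address from documentation ranges
    family: frozenset = frozenset()   # fingerprints this relay declares as family

def same_slash16(a, b):
    """True when both relays' IPv4 addresses fall in the same /16."""
    net = ipaddress.ip_network(f"{a.address}/16", strict=False)
    return ipaddress.ip_address(b.address) in net

def mutual_family(a, b):
    """Assumption: a family link counts only if each relay lists the other."""
    return b.fingerprint in a.family and a.fingerprint in b.family

def conflict(guard, exit_relay):
    """Return the reason this pair may not be the two ends of one circuit, or None."""
    if guard.fingerprint == exit_relay.fingerprint:
        return "same relay"
    if mutual_family(guard, exit_relay):
        return "same family"
    if same_slash16(guard, exit_relay):
        return "same /16"
    return None

def allowed_pairs(guards, exits):
    """All (guard, exit) fingerprint pairs that pass every constraint."""
    return [(g.fingerprint, e.fingerprint)
            for g in guards for e in exits if conflict(g, e) is None]

# Constructed sample relays. B1 stands for a relay usable in both positions.
G1 = Relay("G1", "192.0.2.10", frozenset({"X1"}))
X1 = Relay("X1", "198.51.100.20", frozenset({"G1"}))
X2 = Relay("X2", "192.0.2.77")
X3 = Relay("X3", "198.51.100.99")
B1 = Relay("B1", "203.0.113.5")
GUARDS = [G1, B1]
EXITS = [X1, X2, X3, B1]

if __name__ == "__main__":
    for g in GUARDS:
        for e in EXITS:
            print(g.fingerprint, e.fingerprint, conflict(g, e) or "allowed")
```
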

