[tor-relays] torservers.net: some exits became guards? (deanonymization risk)
nusenu
nusenu-lists at riseup.net
Thu Jun 8 12:16:00 UTC 2017
Hi Paul,
Paul Syverson:
> It shouldn't be possible
> to use the relay in both positions simultaneously. And even if it
> could serve as both guard and exit simultaneously, the route-selection
> algorithm would preclude it being used as both ends for any
> circuit. And if all torservers.net relays are properly indicated to be
> from the same family, they will never be selected for both ends of a
> circuit.
I'm well aware of how MyFamily works :)
To quote the page I linked (OrNetStats):
> Operators are only listed if they actually have a chance to do end-to-end correlation attacks, that is:
> their guard and exit probability is > 0%
> they did not properly configure MyFamily
> they run in more than a single /16 network block
For more context see:
https://medium.com/@nusenu/some-tor-relays-you-might-want-to-avoid-5901597ad821
> Potentially, a client opening multiple circuits through multiple
> guards (so not using the current standard default of using a single
> guard) could have some guards and some exits of concurrent circuits
> run by torservers.net if they satisfy the /16 separation.
> But that is generally not what is meant by 'end-to-end correlation'.
By end-to-end correlation I mean "a tor client has a chance to use
torservers.net relays in their entry (guard) and exit position in a
single circuit.
--
https://mastodon.social/@nusenu
https://twitter.com/nusenu_
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20170608/5866965c/attachment.sig>
More information about the tor-relays
mailing list