[tor-talk] Is setting family an improvement to user safety?

Sebastian G. <bastik.tor> bastik.tor at googlemail.com
Sat Feb 18 09:50:54 UTC 2012


Hi,

I guess there has been a design decision to implement bridges.

In the first place setting family reduces the amount of combinations
that could be picked for a circuit.

Outline: The Tor network has 6 nodes, they are all exits (entry, middle
and exit at the same time), there are no guards. All 6 nodes run on
different networks. 3 are run by the same person. 3 are run by an adversary.

Example one: no family has been set.
In the best case one uses only "good" nodes.
In the worst case one uses only "bad" nodes.
There's the chance one uses 2 "good" and 1 "bad".
There's the chance one uses 2 "bad" and 1 "good".

Example two: Family has been set by the honest guy (good nodes)
Now it's impossible to use only "good" nodes.
It's still possible to use only "bad" nodes. (Worst case)
In the best case one uses 2 "good" and 1 "bad".
It's still possible ones uses 2 "bad" and 1 "good".

Example three: Family has been set by both.
There's the chance one uses 2 "good" and 1 "bad".
There's the chance one uses 2 "bad" and 1 "good".
The bad case can't happen anymore. (The attacker plays to the rules)

Maybe it's an implementation that makes sense, as my example contains
only 6 nodes and 50 percent where controlled by an adversary.

Maybe it scales very well. And reduces the risk of hitting three bad
relays (of course there exist guards too). While it seems possible to
hit (the only) three bad ones even with 3000 good relays, that might be
just me. Also good and evil (bad) can't be told apart that easily.

Any comments about it? (I guess there's a reason for implementing it)
Please don't waste your time, you can point me somewhere or explain in
short sentences. "no it isn't because of the scaling there's no risk at
all."

There are more important things to do.

Regards,
bastik_tor


More information about the tor-talk mailing list