[tor-talk] Network diversity [was: Should I warn against Tor?]

Jens Lechtenboerger tortalk at informationelle-selbstbestimmung-im-internet.de
Fri Jul 19 15:35:26 UTC 2013

On Mon, Jul 08 2013, Jens Lechtenboerger wrote:
> Being German I restricted EntryNodes to DE and ran traceroutes 
> to the 3 German guards selected by my Tor client.  Two of those 
> traceroutes showed IP addresses of DE-CIX (so I don’t want 
> them), while the third one does not contain any IP address of 
> [2].  I guess I’ll check that out systematically to find “my” 
> EntryNodes. 
[For those who are confused about the context of this: I started
the original thread.  A write-up for my motivation is available at
[0].]

I found my guard nodes.  Here is a summary of what I did.

I started out with a list of 826 Tor nodes located in DE, generated
on 2013/07/15 at [1].  Out of these, 232 are named guards, and 78
are named exits.  I analyzed traceroute data both at work and at
home.

At work: Only a small number of 25 guards are safe in the sense
that their paths appear to flow neither through IXPs nor through
foreign places.  DE-CIX alone is traversed to reach 179 guards.
However, 4 guards are located in my own Autonomous System (AS).  It
seems very attractive to use only those (instead of all 25
candidates).  What do you think?

I’d like to point out that during this week I observed route
changes.  Sometimes, fewer routes go through DE-CIX, so that up to
39 guards appear to be safe.  Thus, repeated tests are a must.

For Tor exits, traceroute data between me and the exit is less
useful.  Traceroutes between the exits and my communication
partners would allow identifying IXPs along that way.  I’m not in a
position to obtain that data.  Nevertheless, if I want to anonymize
communication that should be local to my country, I’m restricting
the exits to those that do not show foreign hops.  I found 58 of
those.

At home:
Many guards (126) appear to be safe, only one is located in my own 

I’d like to share two sample unsafe routes to Tor guards raspitor2 
and YanLunYiZou, where IP addresses of intermediate hops and target 
with their estimated location are shown:

raspitor2 (;DE →;DE
→;DE →;NL (via IXP AMS-IX)
→;GB →;GB →;GB
→;DE →;DE
→ raspitor2 (;DE (via IXP AMS-IX)

YanLunYiZou (;DE →;DE
→;DE →;ES →;ES
→;GB →;US →;US
→;US →;US →;US
→;US →;US →;US
→;GB →;DE
→ YanLunYiZou (;DE

Those are examples of so-called boomerang routes, where source and
target appear to be located in the same country, yet traffic does
impressive sightseeing and receives lots of unwanted attention. 
Consequently, I’d like to warn against the Tor options to restrict nodes based on country codes.

Finally, at home I found 63 Tor exits that appear to be
non-foreign.  The intersection between work and home contains the
following 53 routers, which may be useful for German Tor users:
0x3d002,
5268A6ED09875EA2F5, AbelianGrape, Atorisinthesky, BZHack,
Biverse, DaJoker, Datenmuehle, FoeBuD3, HarryTuttle, KOP1,
KiwibirdSuperstar, LookAnotherExit, MagmaSoft, Musashi, NeefEef2,
Piper, Resistance, TommysTorServer, Tor4Freedom, Torboinaz,
TuringComplete, arbitrary, armselig, brotherjacob, 
chee, devilproxytor, eisler, felixker, filiprem, ftcalip, 
hamradioboard, hanfisTorRelay, hellinterface, honk, jabla, 
memyselfandi, neonustor, ppbytor1, randomserver, riqochet, 
skyplace, smurfix, spdytor1, superblyhidden, supercow12k, 
tor3aendych, zapit02

Links to my code and a README.txt clarifying necessary
prerequisites are available at [0].

Best wishes
Jens

[0]
[1] http://torstatus.blutmagie.de/
[2] http://www-rp.lip6.fr/~augustin/ixp/
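
The classification described in the message above (no IXP hop, no foreign hop, boomerang routes, repeated measurements) can be sketched as follows. This is an added example, not the code linked at [0]; the prefix tables, guard names and hop addresses are constructed from documentation address ranges, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample tables (documentation ranges, not real IXP or geo data).
IXP_PREFIXES = {"198.51.100.0/24": "DE-CIX", "203.0.113.0/24": "AMS-IX"}
GEO = {"192.0.2.0/25": "DE", "192.0.2.128/25": "GB",
       "198.51.100.0/24": "DE", "203.0.113.0/24": "NL"}

def _lookup(ip, table):
    """Return the value of the first prefix in table ({prefix: value}) containing ip."""
    addr = ipaddress.ip_address(ip)
    for prefix, value in table.items():
        if addr in ipaddress.ip_network(prefix):
            return value
    return None

def classify(hops, home="DE"):
    """Classify one traceroute given as a list of hop IPs, target last."""
    ixps = sorted({n for n in (_lookup(h, IXP_PREFIXES) for h in hops) if n})
    # Hops without a known location count as foreign (conservative choice).
    countries = [_lookup(h, GEO) or "??" for h in hops]
    foreign = sorted({c for c in countries if c != home})
    # Boomerang: the target is in the home country, yet some hop is not.
    boomerang = countries[-1] == home and bool(foreign)
    return {"ixps": ixps, "foreign": foreign, "boomerang": boomerang,
            "safe": not ixps and not foreign}

def stable_safe(runs, home="DE"):
    """runs: list of {guard: hops}; keep guards that are safe in every run."""
    guards = set.intersection(*(set(r) for r in runs))
    return sorted(g for g in guards
                  if all(classify(r[g], home)["safe"] for r in runs))

# Constructed measurements: guardB crosses an IXP in run 1 only (route change).
RUN1 = {"guardA": ["192.0.2.1", "192.0.2.20", "192.0.2.99"],
        "guardB": ["192.0.2.1", "198.51.100.7", "192.0.2.50"],
        "guardC": ["192.0.2.1", "203.0.113.9", "192.0.2.200", "192.0.2.60"]}
RUN2 = {"guardA": ["192.0.2.1", "192.0.2.21", "192.0.2.99"],
        "guardB": ["192.0.2.1", "192.0.2.30", "192.0.2.50"],
        "guardC": RUN1["guardC"]}

if __name__ == "__main__":
    for name, hops in RUN1.items():
        print(name, classify(hops))
    print("safe in every run:", stable_safe([RUN1, RUN2]))
```

A guard that looks safe in a single run (guardB in RUN2) drops out once an earlier run through an IXP is taken into account.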
