On Fri, Sep 13, 2013 at 6:54 AM, Leif Ryge leif@synthesize.us wrote:
On Wed, Sep 11, 2013 at 11:20:59AM -0400, Nick Mathewson wrote:
[...]
To avoid confusion, I would phrase that not as "reveals their location to the adversary" but as "shows the adversary that connections are all coming from the same user." But yes.
(If you want to avoid this, you also need to make sure that your MAC address is randomized whenever you move networks, that you make absolutely no non-Tor connections, and so on.)
Is this tradeoff of using entry guards documented somewhere? I suspect that there may be many users changing their MAC address to protect themselves against this exact threat while not understanding that their entry guard set uniquely identifies them. Perhaps the man page text about UseEntryGuards and NumEntryGuards should mention it? A FAQ entry would be nice too.
I think a wiki FAQ entry and/or a documentation patch would be neat; anybody want to write one?