What threat is Tor trying to defeat? Region locking or nation states? If the former, then great, select an exit country, or just use a VPN. If the latter, perhaps that actual threat profile should be taken into account.
Is there any reason why Tor doesn't select exit nodes which are as close as possible to the intended host?
If I connect to Tor and request a resource from a server on ISP A, would it not make sense to enforce an exit node also on ISP A, or if not, as close as possible?
As well, entry guards should be as close as possible to the user, limiting the ability of others to log the connection.
In short, it's safer that only my ISP see a connection rather than my ISP, a backbone provider, the entry guard's ISP, etc. Systems like XKeyscore wouldn't even see the traffic in this case. It seems that selecting an exit country may actually be detrimental to anonymity by forcing traffic over the (monitored) internet backbone.
Evan d'Entremont
On 19 Jan 2016, at 04:53, Evan d'Entremont evan@evandentremont.com wrote:
> What threat is Tor trying to defeat? Region locking or nation states? If the former, then great, select an exit country, or just use a VPN. If the latter, perhaps that actual threat profile should be taken into account.
> Is there any reason why Tor doesn't select exit nodes which are as close as possible to the intended host?
> If I connect to Tor and request a resource from a server on ISP A, would it not make sense to enforce an exit node also on ISP A, or if not, as close as possible?
> As well, entry guards should be as close as possible to the user, limiting the ability of others to log the connection.
> In short, it's safer that only my ISP see a connection rather than my ISP, a backbone provider, the entry guard's ISP, etc. Systems like XKeyscore wouldn't even see the traffic in this case. It seems that selecting an exit country may actually be detrimental to anonymity by forcing traffic over the (monitored) internet backbone.
It depends on your threat model.
My country requires ISPs to retain connection information, so choosing a nearby entry to me, and a nearby exit to a website in this country, would be very detrimental to my anonymity.
Tim
Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP 968F094B
teor at blah dot im OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
Retain connection information within the network, or outside?
Either way, aren't they already logging that you're using Tor?
On Mon, 18 Jan 2016 14:26:04 -0800 Spencer spencerone@openmailbox.org wrote:
> Evan d'Entremont: ... select exit nodes ...
> It would be best if people could select their own path (:
You can with the control port. Moving it to a first class feature would be a terrible idea for anyone that isn't a researcher because people will likely get the path selection horrifically wrong.
Regards,
On Mon, 18 Jan 2016 13:53:47 -0400 "Evan d'Entremont" evan@evandentremont.com wrote:
> Is there any reason why Tor doesn't select exit nodes which are as close as possible to the intended host?
The generic way to ask this question is "AS-aware path selection". One big general issue is, "there is no accurate map of how ASes are geographically distributed".
> If I connect to Tor and request a resource from a server on ISP A, would it not make sense to enforce an exit node also on ISP A, or if not, as close as possible?
Load balancing. Relay capacity is likely not distributed in a way that matches intended destinations.
> As well, entry guards should be as close as possible to the user, limiting the ability of others to log the connection.
This loses extremely quickly once you have adversaries that can force ISPs to run relays ("You mean, we send a NSL to Comcast and we get to be the Guard for all Tor users that are Comcast customers?").
Ditto load balancing concerns.
> In short, it's safer that only my ISP see a connection rather than my ISP, a backbone provider, the entry guard's ISP, etc. Systems like XKeyscore wouldn't even see the traffic in this case. It seems that selecting an exit country may actually be detrimental to anonymity by forcing traffic over the (monitored) internet backbone.
Hiding Tor use isn't part of Tor's threat model. The current situation wrt e2e correlation and AS diversity is suboptimal, but the current plan is to add link layer padding as a defense (though it comes at a ~60% cost).
Regards,
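
The guard-capture and load-balancing objections raised in the reply above, worked through on a constructed toy network. This is an added example, not code from the thread or from Tor; the relays, AS names, client shares and the "nearest" policy are assumptions, and plain bandwidth weighting stands in for Tor's real path-selection weights.

```python
# Constructed toy network: (relay name, AS hosting it, guard bandwidth weight).
RELAYS = [("g1", "AS-A", 10), ("g2", "AS-A", 10),
          ("g3", "AS-B", 50), ("g4", "AS-C", 30)]
AS_OF = {name: asn for name, asn, _ in RELAYS}
# Constructed client population: share of all clients behind each AS.
CLIENTS = {"AS-A": 0.6, "AS-B": 0.1, "AS-C": 0.1, "AS-D": 0.2}


def weighted(relays):
    """Probability of picking each relay when choice is bandwidth-weighted."""
    total = sum(bw for _, _, bw in relays)
    return {name: bw / total for name, _, bw in relays}


def guard_probs(client_as, policy):
    """P(guard = relay) for a client in client_as.

    "nearest" (hypothetical policy from the thread): prefer guards inside the
    client's own AS, falling back to the whole network if there are none.
    "bandwidth": simplified bandwidth-weighted choice over all guards.
    """
    if policy == "nearest":
        local = [r for r in RELAYS if r[1] == client_as]
        if local:
            return weighted(local)
    return weighted(RELAYS)


def same_isp_guard_fraction(client_as, policy):
    """Share of an AS's clients whose guard is hosted by their own ISP,
    i.e. what an adversary who can compel that one ISP gets to observe."""
    probs = guard_probs(client_as, policy)
    return sum(p for name, p in probs.items() if AS_OF[name] == client_as)


def worst_overload(policy):
    """Max over relays of (client share) / (bandwidth share); 1.0 = balanced."""
    bw_share = weighted(RELAYS)
    load = dict.fromkeys(bw_share, 0.0)
    for client_as, share in CLIENTS.items():
        for name, p in guard_probs(client_as, policy).items():
            load[name] += share * p
    return max(load[n] / bw_share[n] for n in load)


if __name__ == "__main__":
    for policy in ("bandwidth", "nearest"):
        print(policy, same_isp_guard_fraction("AS-A", policy),
              worst_overload(policy))
```

In this toy network the "nearest" policy puts every AS-A client behind a guard hosted by AS-A and loads g1 and g2 at 3.2 times their bandwidth share, while bandwidth-weighted selection leaves 20% of AS-A clients on an AS-A guard and keeps load proportional to capacity.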