[tor-bugs] #13843 [Website]: Add a faq entry for "You should change path selection to avoid entering and exiting from the same country."

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Nov 28 08:09:12 UTC 2014 

#13843: Add a faq entry for "You should change path selection to avoid entering and
exiting from the same country."
-----------------------------+-----------------------
     Reporter:  arma         |      Owner:  Sebastian
         Type:  enhancement  |     Status:  new
     Priority:  normal       |  Milestone:
    Component:  Website      |    Version:
   Resolution:               |   Keywords:
Actual Points:               |  Parent ID:
       Points:               |
-----------------------------+-----------------------

Comment (by amj703):

 I agree with George, although I don't think that choosing guards and exits
 in different countries has any absolutely killer flaws. The biggest
 problems I see with the idea are
   1. If the adversary can link together connections by the same
 pseudonymous user over time (say by monitoring a website that you log
 into), then he can get an idea of which countries your guards are located
 in. This is slowed down by the fact that you randomly switch among your
 guards, although if you move to one guard, then it won't be.
   2. The same "linking" adversary could be able to determine when exits
 from certain countries are being avoided (again, made easier the fewer
 guards that you have), thus revealing a non-standard use of Tor that may
 be uncommon and identifying.
   3. The adversary can attract more users to his guards and exits without
 adding more bandwidth by placing them in rare countries. But really the
 way Tor should respond to this is to become more diverse as a result of it
 mattering more.

 However, as George also mentioned, my biggest problem with this idea is
 that it doesn't seem to be a particularly useful defense in the first
 place. What attack does it prevent? An adversary that is only willing or
 able to do traffic correlation at the relays? I'm not sure why you'd think
 that he's constrained so strongly to borders, or why he wouldn't also be
 willing to run exit relays conveniently placed outside of the country, or
 why he wouldn't be willing to do surveillance on user or destination
 locations (especially targeted ones).

 And once you do start thinking about taking into account client and
 destination countries when selecting paths, then you really open yourself
 up to revealing the client or destination location over time. I had to
 deal with these issues when designing the Trust-Aware Path Selection
 algorithm (TAPS) that Paul talked about at the last SAFER PI meeting.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13843#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list