[tor-dev] design for a Tor router without anonymity compromises

coderman coderman at gmail.com
Mon May 4 20:45:53 UTC 2015


On 5/4/15, Leif Ryge <leif at synthesize.us> wrote:
> ...
> So, unlike a transparent tor router, this system is not intended to prevent
> malicious software on client computers from being able to learn the client
> computer's location, right?

hello Leif!

this deserves a longer answer, but you're right. if the attacker is
using Tor itself, a Tor enforcing gateway can't protect against those
attacks.

DNS leaks, UDP exfil (like the MAC leaking attacks), Flash based proxy
bypass.  these types of attacks can be stopped and warned about.

a malicious relay, a malicious hidden service: at the network level a
Tor enforcing router can't discriminate or help here.



> An attacker who has compromised some client
> software just needs to control a single relay in the consensus, and they'll
> be allowed to connect to it directly?

you don't even need to control a relay, this could be performed via
hidden service, as well.



> It is unclear to me what exactly this kind of tor router *is* supposed to
> protect against. (I haven't read the whole document yet but I read a few
> sections including Threat Model and I'm confused.)

i will clarify to make this more apparent.

best regards,

