[tor-dev] Entry/Exit node selection
Yawning Angel
yawning at schwanenlied.me
Mon Jan 18 23:19:26 UTC 2016
On Mon, 18 Jan 2016 13:53:47 -0400
"Evan d'Entremont" <evan at evandentremont.com> wrote:
> Is there any reason why Tor doesn't select exit nodes which are as
> close as possible to the intended host?
The generic way to ask this question is "AS-aware path selection".
One big general issue is, "there is no accurate map of how ASes are
geographically distributed".
> If I connect to Tor and request a resource from a server on ISP A,
> would in not make sense to enforce an exit node also on ISP A, or if
> not, as close as possible?
Load balancing. Relay capacity is likely not distributed in a way that
matches intended desitnations.
> As well, entry guards should be as close as possible to the user,
> limiting the ability of others to log the connection.
This loses extremely quickly once you have adversaries that can force
ISPs to run relays ("You mean, we send a NSL to Comcast and we get to
be the Guard for all Tor users that are Comcast customers?").
Ditto load balancing concerns.
> In short, it's safer that only my ISP see a connection rather than my
> ISP, a backbone provider, the entry guard's ISP, etc. Systems like
> XKeyscore wouldn't even see the traffic in this case. It seems that
> selecting an exit country may actually be detrimental to anonymity by
> forcing traffic over the (monitored) internet backbone.
Hiding Tor use isn't part of Tor's threat model. The current situation
wrt e2e correlation and AS diversity is sub optimal, but the current
plan is to add link layer padding as a defense (Though it comes at a
~60% cost).
Regards,
--
Yawning Angel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20160118/5cf21435/attachment.sig>
More information about the tor-dev
mailing list