De-anonymization risks when using a self hosted bridge at home for your own traffic?

I found a very similar topic, but it was specific to snowflake, while I’m considering webtunnel (and perhaps obfs4), which don’t make separate STUN connection AFAIK.

Could you please help me understand if using a self-hosted (at home) tor bridge as your own entry node is considered harmful for your anonymity?

Is it a problem that the first hop is at your own IP address and the other two hops are external? If so, why or why not? Does it violate any fundamental assumptions behind tor circuits? Are you aware of any academic studies or other publications/documentation that discusses it in more detail?

Advantages of setting up a tor bridge with the sole purpose of blending your traffic with other users: especially as I read (in this guide) that tor can let you reuse the already established TCP connection directly via the same connection. Other users use your bridge on a regular basis together with you and perhaps also your hidden services. ISP monitoring of your exact connection times should be harder (not sure how much exactly, but still)? I don’t understand why hosting a bridge outside of your geographic location is necessary?

Please see the network topology diagram below showing the two scenarios: one with the bridge hosted on your own network and one with an external bridge. Is either one weaker than the other in terms of de-anonymization risks (as described above)?

Also, I found in the original 2004 white paper on tor:
“If Alice only ever uses two hops, then both ORs can be certain that by colluding they will learn about Alice and Bob. In our current approach, Alice always chooses at least three nodes unrelated to herself and her destination.” But could someone explain why they need to be unrelated?

Does it have to do only with correlation attack? Has it ever been more precisely quantified?

I’ve also heard that entry and exit nodes are the most important ones. Wouldn’t increased security of a self-hosted bridge outweigh any potential drawbacks?


I’m not a Tor expert, but IMO always using a local bridge is basically equivalent to having a Tor circuit of 2 hops, instead of 3. Thus, for one given circuit, if just the exit relay and the middle relay collude, they will know the source and the destination IP of the traffic.
Effectively you get no extra privacy from your entry relay if it’s always at your home.

However, to make a conclusion that the actual Tor user is behind that source address, the adversary would have to know that you do, in fact, use Tor in such a way, which most people don’t. I.e. they will know the IP address of the entry relay, but they won’t be sure if the real Tor client is behind that IP, or if it’s on a different IP, but is just connected through this entry node.

If Alice were to pick an entry relay that is always close to her home, the middle relay would know that the Tor user lives close to that entry relay. If Alice were to pick an exit relay that is always close to the destination, the middle relay would know that the destination is close to that exit relay.

IMO it would be safer to just run a relay at home, but not always use it as the entry node. This way your actual Tor client traffic will be mixed with your Tor relay’s traffic, making it hard to differentiate one from the other.

But again, I’m not an expert.
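An added example (not from the thread, and not Tor’s real path selection) that quantifies the difference the reply above describes: with your own bridge as a fixed first hop, the relay that sees your home IP is the middle, re-chosen for every circuit, whereas a standard client keeps one persistent guard. It assumes each relay is independently malicious with probability c, ignores bandwidth weighting and guard rotation, and, as the reply notes, treats the observed prior-hop IP as the client even though a middle relay cannot be sure of that.

```python
import random


def p_any_compromised_home_bridge(c, n):
    """Scenario A: own bridge is the fixed first hop; the middle relay, which
    sees the home IP, is re-chosen per circuit. A circuit is compromised
    only when middle AND exit are malicious, so each has probability c*c."""
    return 1 - (1 - c * c) ** n


def p_any_compromised_persistent_guard(c, n):
    """Scenario B: one persistent guard sees the client IP. Nothing can be
    compromised unless that guard is malicious (probability c); then each
    of the n circuits additionally needs a malicious exit."""
    return c * (1 - (1 - c) ** n)


def simulate(c, n, trials, persistent_guard, seed=1):
    """Monte Carlo check of the closed forms: fraction of simulated users
    for whom at least one of their n circuits had both ends observed."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        # drawn once per user, only when the entry is persistent
        guard_bad = persistent_guard and rng.random() < c
        for _ in range(n):
            # relay that sees the client's IP on this circuit
            first_bad = guard_bad if persistent_guard else rng.random() < c
            exit_bad = rng.random() < c
            if first_bad and exit_bad:
                hits += 1
                break
    return hits / trials


if __name__ == "__main__":
    c, n = 0.10, 100  # constructed values: 10% malicious relays, 100 circuits
    print("A home bridge, rotating middle:",
          round(p_any_compromised_home_bridge(c, n), 3),
          round(simulate(c, n, 10000, persistent_guard=False), 3))
    print("B persistent guard:            ",
          round(p_any_compromised_persistent_guard(c, n), 3),
          round(simulate(c, n, 10000, persistent_guard=True), 3))
```

For a single circuit both strategies give the same c² exposure; the gap only appears over many circuits, which is why the entry position is treated differently from the middle.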


Thank you

always using a local bridge is basically equivalent to having a Tor circuit of 2 hops, instead of 3
Yes, that’s correct, please see scenario A in the above diagram, where only ISP 2 and 3 are needed to reassemble the circuit.

It would help me though if I could understand why tor uses 3 hops in the first place and not 2. I am assuming it’s correct, but in the end you only need 2 nodes (entry and exit) to reassemble the circuit, so I am not sure what the difference really is.

I am tempted to conclude though that using the same entry node, especially if it’s in your physical location, puts you at higher risk of deanonymization, because it reduces your ‘anonymity set’. I am not 100% sure though, haven’t seen it properly explained yet.

Any potential gain of blending the traffic with other users wouldn’t be worth it?

I found mentions of other people (Ross Ulbricht trying to combat “sniper attacks” on silk road) that used their own bridges but only in large numbers (fleets), not as a single bridge and likely not in the same location.

IMO it would be safer to just run a relay at home, but not always use it as the entry node. This way your actual Tor client traffic will be mixed with your Tor relay’s traffic, making it hard to differentiate one from the other.

Exactly, I am wondering about the same thing - would running your own relay to blend in with others (but not using it directly) still provide cover traffic? Are you aware of anyone doing it? It scares me how little such techniques are documented on the internet.