I read the following link.
https://spec.torproject.org/path-spec/path-selection-constraints.html
In the description of Path selection and constraints, the following is noted.
We do not choose more than one router in a given network range, which defaults to /16 for IPv4
I also read the following link.
https://spec.torproject.org/vanguards-spec/path-construction.html
Path restrictions, as well as the ordering of their application, are currently extremely problematic, resulting in information leaks with this topology. Until they are reworked, we disable many of them for onion service circuits.
In particular, we allow the following:
Nodes from the same /16 and same family for any/all hops in a circuit
Is this change limited to connection with onion service, or does it include connection with clearnet site as well?
The other day, while using “onion circuits” application ,I saw a circuit that had 2 ips belonging to the same subnet(guard and exit).
Problem is clearnet address was displayed under that circuit.
It disappeared within a few seconds so I couldn’t take a screenshot.
Tor Connection with clearnet site has only 3 relays.
Isn’t it a serious security problem if 2 out of 3 relays have the same subnet ips?(especially if they are guard and exit)
If vanguard is enabled, /16 subnet restriction is disabled for both onion site and clearnet site connection?