I use Tails OS 7.4.1 and have observed behavior when selecting Tor nodes that I consider to be a security issue. As is usual with Tor, the Tor relays (including the guard and exit nodes) change regularly. At some point, however, I had a circuit like this:
64.65.63.15
64.65.63.10
64.65.63.4
All of these IP addresses belong to the same operator, namely 1st Amendment Encrypted Openness LLC. Now, I don’t know 1st Amendment Encrypted Openness LLC and can’t judge their trustworthiness. I’m not a developer, but I’m sure that if all three relays are so close to each other and also come from the same operator, this is a security disaster.
To my knowledge, the Tor Browser should actually prevent this and select Tor nodes that are sufficiently far apart. Could someone please check if this might be a bug?
The relays you listed belong to the same family, so selecting all of them shouldn’t be even remotely possible? Make sure you downloaded Tails from the proper address - follow the links given in New Release: Tails 7.4.1 | The Tor Project and verify the GPG signature too.
However, these relays look fishy. Metrics reports countless nodes in that /24 range, and not all of them are marked as belonging to the same family, although they quite obviously should be. So in theory it would be possible to pick all three nodes from this operator, just not the ones you listed here.
I’ve downloaded Tails OS from the original source and I’ve also verified the signature using the feature provided on the Tails download page, so whatever the reason for that weird relay selection is, I don’t think it’s a ‘compromised’ Tails on my end. I really think it might be a bug.
Actually, I might have the last numbers (15, 10, 4) wrong, but I’m absolutely positive that all three of my relays, including the guard and exit node, started with 64.65.63. Unfortunately, I did not take a screenshot, so I have no proof.
All I can do is assure you that I’m not hallucinating.
How would I set up that option in torrc to exclude the nodes?
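As an added example (mine, not code from anyone in this thread or from Tails/Tor), a small Python check that applies Tor's documented "too close" rule (EnforceDistinctSubnets: no two hops in the same IPv4 /16) to the circuit quoted above and builds the ExcludeNodes/StrictNodes torrc lines asked about in the last post. The 64.65.63.x addresses and the /24 block come from the thread; the other sample addresses are constructed.

```python
import ipaddress
from itertools import combinations

# Circuit quoted in the thread (guard, middle, exit), as the poster reported it.
REPORTED_CIRCUIT = ["64.65.63.15", "64.65.63.10", "64.65.63.4"]

# Tor's EnforceDistinctSubnets rule (on by default): two IPv4 relays are
# "too close" for one circuit when they lie in the same /16.
DISTINCT_SUBNET_PREFIX = 16


def _network(ip, prefix):
    """The /prefix network containing ip (IPv4 only in this example)."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError(f"{ip}: only IPv4 relays are handled in this example")
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)


def too_close_pairs(circuit, prefix=DISTINCT_SUBNET_PREFIX):
    """Pairs of hops that share a /prefix network and so violate the rule."""
    nets = {ip: _network(ip, prefix) for ip in circuit}
    return [(a, b) for a, b in combinations(circuit, 2) if nets[a] == nets[b]]


def circuit_is_plausible(circuit):
    """True when no two hops share a /16, i.e. a default Tor could have built it."""
    return not too_close_pairs(circuit)


def blocks_to_exclude(circuit, prefix=24):
    """Distinct /prefix blocks covering the hops, as ExcludeNodes address patterns."""
    return sorted({str(_network(ip, prefix)) for ip in circuit})


def exclude_nodes_lines(blocks):
    """torrc lines avoiding the blocks. StrictNodes 1 stops Tor from falling
    back to excluded relays for directory fetches and similar necessities."""
    return f"ExcludeNodes {','.join(blocks)}\nStrictNodes 1"


if __name__ == "__main__":
    print("violations:", too_close_pairs(REPORTED_CIRCUIT))
    print(exclude_nodes_lines(blocks_to_exclude(REPORTED_CIRCUIT)))
```

For the quoted circuit every pair of hops shares 64.65.0.0/16, so a stock Tor with EnforceDistinctSubnets on would not have built that path; the printed lines go into /etc/tor/torrc (or Tails' persistent torrc override) and take effect after reloading tor.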