I investigated the network behavior of the Tor Browser a little bit with resmon on Windows. I discovered that, when connecting to Tor via the Tor Browser, tor.exe connects to 3 guard relays simultaneously. Visiting a webpage, I saw traffic coming through all 3 of them, although not equally loaded. I watched a video on YouTube to confirm that.
When I start tor.exe manually and use it with another browser via a SOCKS proxy, this behavior does not occur: there is only 1 connection to a guard relay, through which all traffic comes.
Tor Browser version is 13.0.
- Is this normal?
- Can this increase the risk of compromising anonymity?
- If yes, where can I disable it?
Thanks for your help.
Yeah, there have been issues with Tor creating extra guard connections for years.
I had assumed it was directory guards, so we lowered that param: "Set guard-n-primary-dir-guards-to-use=2" (#325, The Tor Project / Network Health / Team on GitLab).
Apparently it is something else, because I also see 4 guard connections in my Tor.
I have filed "Tor has extra guard connections" (#40876, The Tor Project / Core / Tor on GitLab).
So can this damage anonymity or does it not matter? Presumably not, otherwise they would probably have fixed it by now.
I have looked at the article but it is too complex and in-depth for my level of understanding. In a simple yes or no - is it something we should be worried about?
I personally have noticed that I tend to get the same relays when I connect to Tor lately and I only get different relays if I wipe all cached data and restart the browser, which is kind of concerning, but I’ve seen plenty of people on Reddit mention the same thing so I know it’s not just me.
I’ve configured a few hundred guards and bridges that I trust. Then it doesn’t matter whether the connection is established to 1 or 4.
But doesn’t excluding guards and relays create a less random and less anonymous connection? I remember people being advised against excluding countries so the same logic probably applies to guards too.
Update: Upon further digging it appears that the current guard behaviour is indeed dangerous.
“the use of 3 directory guards is a highly unique fingerprint that can be used to track Tor users as they move from network to network”
From: "Set guard-n-primary-dir-guards-to-use=2" (#325, The Tor Project / Network Health / Team on GitLab)