From: Lars Luthman <mail@larsluthman.net>
To: tor-talk@lists.torproject.org
Date: Fri, 08 May 2015 09:23:19 +0200
Subject: Re: [tor-talk] Friendly LAN bridge -- bad idea?

On Thu, 2015-05-07 at 23:34 +0000, Nathaniel Goodman wrote:
> Hello,
>
> Around here all devices and usual guests use tor. This of course
> generates many direct connections to the tor network.
>=20
> We were wondering if there would be any negative (privacy)
> implications from running a private bridge inside the LAN to which all
> the devices around here would then connect instead of making a direct
> connection to the network.

I've thought of using a similar setup on local networks - configuring
the main router to run a private Tor bridge and blocking all other
traffic. The problem with this is that every normal circuit only gets
two hops out on the internet - your private bridge is the first hop, and
then there's a middle hop and an exit on the internet. Also, since the
private bridge would be the guard node and it is on your local network,
the first hops out on the internet would change much more frequently
than if you didn't use the private bridge but connected to guard nodes
out on the internet. Both of these properties may reduce the anonymity
of Tor users on your local network.

These problems would be avoided if

a) Tor treated all bridges as a 'zeroth hop' and built three-hop
    circuits _after_ the bridge, with the first hop being chosen
    using the normal guard selection algorithm, or

b) There was a special 'local bridge' type which, when used,
    forced the client to build four-hop circuits with the above
    properties.

I don't think there's any way of achieving any of those without
modifying Tor.


--ll


