Mike Perry:
> 2. Guard fingerprintability is lower with one guard
> An adversary who is watching netflow connection records for an entire
> area is able to track users as they move from internet connection to
> internet connection through the degree of uniqueness of their guard
> choice. There is much less information in two guards than three, but
> still significantly more than with one guard:
> https://trac.torproject.org/projects/tor/ticket/9273#comment:3
>
> But, even with one guard, if there are not very many Tor users in your
> area, you still may be trackable. "Guard bucket" designs are discussed
> on the blog post and in related tickets, but they are complicated and
> involve tricky tradeoffs (see
> https://trac.torproject.org/projects/tor/ticket/9273#comment:4). The
> best solution that I see to this is to make Tor maintain separate guard
> choices depending on the current SSID, BSSID, or default gateway router
> MAC from ARP. The default gateway ARP MAC is probably easiest for us to
> implement cross-platform and stable across wifi to ethernet.

FWIW we at Tails started working on this topic a couple of years ago. We came up with a (far from perfect) plan that is documented there:
https://tails.boum.org/blueprint/persistent_Tor_state/
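
The per-network keying idea from the quoted proposal, as an added example that is not code from Tor or Tails: it finds the default gateway's MAC from text in the Linux `/proc/net/route` and `/proc/net/arp` layouts and derives a stable key under which separate guard state could be stored. The function names, the constructed sample tables, the little-endian host and the keyed hash (so the stored key does not reveal the gateway MAC) are assumptions of this sketch.

```python
import hashlib
import hmac
import socket
import struct

RTF_GATEWAY = 0x2  # Linux route flag: route goes via a gateway

# Constructed sample data in /proc/net/route and /proc/net/arp layout.
SAMPLE_ROUTE = """\
Iface\tDestination\tGateway\tFlags\tRefCnt\tUse\tMetric\tMask\tMTU\tWindow\tIRTT
wlan0\t00000000\t0101A8C0\t0003\t0\t0\t600\t00000000\t0\t0\t0
wlan0\t0001A8C0\t00000000\t0001\t0\t0\t600\t00FFFFFF\t0\t0\t0
"""
SAMPLE_ARP = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         02:00:00:aa:bb:01     *        wlan0
192.168.1.50     0x1         0x2         02:00:00:aa:bb:02     *        wlan0
"""

def default_gateway(route_text):
    """Return (iface, ip) of the default route, or None if there is none."""
    for line in route_text.splitlines()[1:]:  # skip the header row
        f = line.split()
        if len(f) < 4:
            continue
        if f[1] == "00000000" and int(f[3], 16) & RTF_GATEWAY:
            # Assumption: little-endian host, so the hex word is byte-reversed.
            ip = socket.inet_ntoa(struct.pack("<I", int(f[2], 16)))
            return f[0], ip
    return None

def gateway_mac(arp_text, iface, ip):
    """Look up the gateway's MAC in the ARP table; None if unresolved."""
    for line in arp_text.splitlines()[1:]:
        f = line.split()
        if len(f) >= 6 and f[0] == ip and f[5] == iface:
            mac = f[3].lower()
            return None if mac == "00:00:00:00:00:00" else mac
    return None

def guard_state_key(route_text, arp_text, secret):
    """Map the current network to a stable key; None if it cannot be identified."""
    gw = default_gateway(route_text)
    mac = gateway_mac(arp_text, *gw) if gw else None
    if mac is None:
        return None  # caller decides the fallback policy
    # Keyed hash: same network gives the same key, but the MAC is not stored.
    return hmac.new(secret, mac.encode(), hashlib.sha256).hexdigest()[:16]
```

The key stays the same when the same gateway is reached over wifi or ethernet, which is the stability property the quoted text points to; a caller would use it to select which stored guard state to load.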