On 24/03/2025 16:48, bjewrn2a--- via tor-relays wrote:
is there any documentation on self-hosting a bridge at home and using it for
your own connections?
I am trying to understand why this isn't a recommended setup, would it lead to
de-anonymization? Why/how much?
your traffic blends with other users directly via the same connection
other users use your bridge on a regular basis together with you and your
hidden services
ISP monitoring of your exact connection times are made harder (not sure how
much exactly)
I don't understand why hosting a bridge outside of your geographic location is
necessary?
is it a problem that the first hop is from your own IP address if the other two
hops are external?
were there any studies or similar questions asked before? I couldn't find
anything
I can't find help anywhere, so would appreciate any advice
Tersely: CWE-656.⁽¹⁾
If you have nothing to hide about your security, you have nothing to
fear. But in the proposed setup you have something to hide, and
therefore to fear about.
The approach relies entirely on the adversary not being aware, how
things are set up. With this reasoning we could simplify it even
further. Set up your own exit node, connect directly from it, skipping
the entire Tor. As long as the adversary doesn’t know, you blend into
traffic and can’t tell the difference.
But this isn’t how security works and security through obscurity is a
frequent anti-pattern. Tor’s security is rooted firmly in maths and
network’s design, that are completely open. Whatever the adversary knows
about them, it’s of little help. The guarantees of high cost to
circumvent the protection still holds.
With the proposed setup you throw away those guarantees. Replace them
with little more than hope. Yes, it does provide some protection. But
this is the same kind of protection as hiding keys under the doormat.
Cheers, mpan
____
⁽¹⁾ https://cwe.mitre.org/data/definitions/656.html
_______________________________________________
tor-relays mailing list -- [email protected]
To unsubscribe send an email to [email protected]
