ipfilterX and TOR
Beware, Peerguardian, PeerBlock, etc. users: do not rely on Tor for anonymity while running the PeerBlock client.
On Wed, May 14, 2008 at 03:31:50PM +0200, Nexus23 Labs. wrote:

Hi,

I’m Karl from Nexus23 Labs. We do research on IP ranges which we wouldn’t connect to. I think you have heard of the peerblock or ipfilter feature in many p2p clients, so I’m asking you if you and your team could make this feature available for Tor clients: the possibility to import such an ipfilter.dat or txt so as to have the ability to ban any of the IP ranges listed in it.

The answer:

A) Your tool would not be able to ban the “use” of various Tor nodes in the circuit just by looking at outgoing connections to the first hop, since the Tor client tunnels into connections from the first hop to the further hops. So if you want to make statements like “don’t use Germany in the circuit”, a tool that monitors the client’s network won’t be able to do that.

But more importantly,

B) Tor’s anonymity comes from having users blending together by making choices over the same set of data using the same weights. If a given Tor user started choosing paths differently, she would stand out, and actually get *worse* anonymity.

This particular field of path selection is not well-understood and full of pitfalls that might be extremely bad. So I would worry that if you provided a feature like this for your users, it would end up harming them in unpredictable ways.

Hope that helps,
Roger Dingledine
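
Points A and B of the reply above, modelled as an added example (not part of the original post and not Tor's code). The relay names, addresses, weights and the weight-proportional selection rule are constructed assumptions: the first half shows that a host-side IP filter only ever evaluates the first hop, the second measures how far a client that excludes blocked relays drifts from everyone else's selection distribution.

```python
import ipaddress

# Constructed sample data (documentation address ranges, not real relays).
BLOCKLIST = [ipaddress.ip_network("198.51.100.0/24")]  # ipfilter-style range
RELAYS = {  # name -> (address, bandwidth weight)
    "relayA": ("192.0.2.10", 50),
    "relayB": ("198.51.100.7", 30),  # inside the blocked range
    "relayC": ("203.0.113.5", 20),
}
CIRCUIT = ["relayA", "relayB", "relayC"]  # first hop, middle, exit


def is_blocked(name):
    addr = ipaddress.ip_address(RELAYS[name][0])
    return any(addr in net for net in BLOCKLIST)


def hops_visible_to_local_filter(circuit):
    # The host opens one TCP connection, to the first hop only; later hops
    # are reached inside that encrypted connection.
    return circuit[:1]


def local_filter_blocks(circuit):
    return any(is_blocked(r) for r in hops_visible_to_local_filter(circuit))


def blocked_hops(circuit):
    return [r for r in circuit if is_blocked(r)]


def selection_distribution(exclude_blocked):
    # Simplified model: a relay is picked with probability proportional
    # to its weight; a "filtering" client drops blocked relays first.
    pool = {n: w for n, (_, w) in RELAYS.items()
            if not (exclude_blocked and is_blocked(n))}
    total = sum(pool.values())
    return {n: pool.get(n, 0) / total for n in RELAYS}


def total_variation(p, q):
    # 0 means indistinguishable choices, 1 means completely different.
    return 0.5 * sum(abs(p[n] - q[n]) for n in p)


if __name__ == "__main__":
    print("filter fires:", local_filter_blocks(CIRCUIT))
    print("blocked hops actually used:", blocked_hops(CIRCUIT))
    tv = total_variation(selection_distribution(False), selection_distribution(True))
    print("distance from the standard client: %.2f" % tv)
```

In this model the distance equals the share of total weight that the blocklist removes, so a larger blocklist makes the filtering client easier to tell apart from the rest.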

Note:

Obviously you can still load ipfilterX into P2P clients while on Tor, since the two use different network protocols.