
If selecting a trusted entry (guard) node is crucial, why not self-host a bridge at home? Is it important to use 3 external relays, or can one relay be self-hosted at your origin address, leaving only two "external hops"? In other words, would 1 relay that you own and that uses your own private IP + 2 external Tor relays be a less or more secure setup than using the default 3 external Tor relays?

I am also weighing this against using an external WebTunnel bridge to hide your first hop, which I assume is more important than the other two. However, when self-hosting and using a bridge, while your ISP would see that you are reaching out to Tor, your traffic would blend with others (as explained in the vanguards guide).

A similar question has been asked before, but I don't think it considered these aspects.

EDIT: please see network topology diagram below showing the two scenarios:

https://0x0.st/8jpG.png

One with a bridge hosted on your own network and one with an external bridge. Is either one weaker than the other in terms of de-anonymization risks (as described above)?

vqqkomb0

1 Answer


You can just host a tandem of two nodes to achieve better functionality: one will be the middle node that will be elected as a guard from time to time, and the other will be routed through it and will be a private OBFS bridge. You cannot host a guard node, just because the guard status is electable, not selectable in the config like an exit node or not.

Alexey Vesnin
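An added example (not part of the answer above and not Tor project code) for the point that Guard is a flag assigned in the network consensus rather than a setting: it parses consensus-style `r`/`s` lines and reports whether a relay's fingerprint carries the Guard flag. The sample consensus, fingerprints, nicknames and addresses are constructed for illustration.

```python
import base64
import binascii


def _ident(hex_fp):
    """Encode a hex fingerprint the way an 'r' line does: unpadded base64."""
    return base64.b64encode(binascii.unhexlify(hex_fp)).decode().rstrip("=")


FP_HOME = "A" * 40   # hypothetical fingerprint of the self-hosted relay
FP_OTHER = "B" * 40  # hypothetical fingerprint of an unrelated relay

# Constructed sample in the "r"/"s" line layout used by consensus documents.
SAMPLE_CONSENSUS = "\n".join([
    f"r homerelay {_ident(FP_HOME)} {_ident('0' * 40)} "
    "2024-01-01 00:00:00 192.0.2.10 9001 0",
    "s Fast Running Stable V2Dir Valid",
    f"r otherrelay {_ident(FP_OTHER)} {_ident('1' * 40)} "
    "2024-01-01 00:00:00 198.51.100.7 443 0",
    "s Fast Guard Running Stable V2Dir Valid",
])


def relay_flags(consensus_text):
    """Map hex fingerprint -> set of flags listed on the relay's 's' line."""
    flags, current = {}, None
    for line in consensus_text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if parts[0] == "r" and len(parts) >= 3:
            ident = parts[2]
            # Restore the base64 padding that the consensus format strips.
            raw = base64.b64decode(ident + "=" * (-len(ident) % 4))
            current = raw.hex().upper()
            flags[current] = set()
        elif parts[0] == "s" and current is not None:
            flags[current] = set(parts[1:])
    return flags


def has_guard_flag(consensus_text, hex_fp):
    """True only if the consensus lists the Guard flag for this relay."""
    return "Guard" in relay_flags(consensus_text).get(hex_fp.upper(), set())


if __name__ == "__main__":
    for name, fp in (("homerelay", FP_HOME), ("otherrelay", FP_OTHER)):
        print(name, "Guard" if has_guard_flag(SAMPLE_CONSENSUS, fp) else "no Guard")
```

In the sample, the self-hosted relay is listed as running and stable but without Guard, so nothing in its own configuration makes it eligible as an entry node.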