12

Being a LiveCD with no persistent storage by default, Tails currently does not use persistent Tor entry guards. In a recent post on the Tor blog, arma discussed the possibility of "improving Tor's anonymity" by increasing entry-guard persistence.

Is it dangerous to use Tails without persistent entry guards? From discussion on the Tails wiki, I gather that there's some tension between making entry guards persistent, and the ideal of complete amnesia. Is there unavoidable tension between being incognito and amnesiac?

Andrew Lott
  • 2,754
  • 5
  • 29
  • 46
esa
  • 209
  • 1
  • 3

1 Answers1

2

It depends on the threat model.

When one assumes an passive adversary keeping logs to which entry guards one is connecting to and when one plans to use Tor from different internet access points, it might be better to have non-persistent entry guards. This question Tracking User Location using Entry Guards? wheter this may or not be the case.

When one assumes an adversary hosting its own entry guards, it is safer to use persistent entry guards. Why? See question Why is a longer guard rotation period with fewer guards better than the other way around? and Peter Palfrader's answer.

The Tails developers have plans to implement persistent entry guards, see ticket. That ticket also contains additional extra information, such as a link to a discussion about a missing feature: Location-aware persistent guards. In an ideal world, users could enter a pin/token/password to choose various sets of entry guards (discussed in this Tor track ticket).

Community
  • 1
adrelanos
  • 2,847
  • 2
  • 20
  • 35