Do Guard Nodes make Tor insecure?


Postby edepot on Sat May 23, 2009 7:09 pm

One of the great things about the Tor service is that it is a free proxy service to get around firewalls and internet filters. But what people don't realize is that your Tor client, by default (enabled and impossible to shut off), communicates with only two guard nodes. What this means is that your first hop on the proxy is actually through one of two IP addresses running Tor, ALWAYS. These two IP addresses are the Guard Nodes. So a sniffer will always know what your first hop is, and can concentrate on your first hop.

The first Tor node that you hop to will select some random Tor node from your collection of Tor nodes that have checked a setting allowing it to offer traffic to the Tor service. This is NOT checked by default. So you can expect that the people who offer this service are about 30 percent or less. This middle Tor node will select an exit node from your collection of Tor nodes.

Tor exit nodes are not that many either and are VERY rare; you can expect about 10 percent or less of the total nodes to be exit nodes.

So what is the ACTUAL permutation? Your first hop: 2 nodes to check. From those two nodes, about 500 (or fewer) are nodes that allow you to use them to get to Tor (300 or fewer more likely). And lastly about 150 exit nodes to check for exits. These are conservative figures. Sometimes there are WAY fewer exit nodes (perhaps fewer than 50) if your internet connection is filtered country by country.

So the addition of guard nodes already compromises your first hop. The exit nodes are well known. So the middle layer is the most secure part of the protocol. Now imagine this: what if each of the middle nodes ALSO talks to guard nodes on its first hop? That means your first hop: to 2 possible nodes. The second hop: to 2 possible nodes. The last hop: to 2 possible nodes. That means people only need to trace through 8 IP addresses to figure out your session from beginning to end through three node hops. That would be extremely insecure. Luckily it seems your second hop is to a pool of nodes that have allowed carrying traffic for you (manual selection, not by default).

Imagine a man-in-the-middle attack where a country floods the Tor network with exit nodes and middle nodes. By filtering your first hop to only communicate with compromised guard nodes, they can also filter your middle nodes, and they are essentially able to force the middle nodes to communicate only with allowed exit nodes. That means your whole connection is compromised. And thus Tor has some insecurities, beginning with the Guard Nodes. I think the guard nodes were actually put in to make it easier for connections to be traced. Why is your first hop ONLY to two possible IP addresses? It totally goes against the purpose of a secure proxy.
edepot, Site Admin, Posts: 379, Joined: Sat Mar 01, 2008 9:26 pm
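To make the path-selection model described in the post concrete, here is an added simulation. It is not Tor's own code and is not part of the original post; it models a client that picks a first hop either from a small pinned guard set or freshly at random for every circuit, with the exit chosen independently, and counts (a) how many distinct guard/middle/exit triples exist using the post's figures (2 guards, 500 middles, 150 exits) and (b) how often an adversary who runs a fraction of the guard-eligible and exit relays ends up holding both ends of a circuit, measured per circuit and as "at least once over a client's lifetime". The relay counts, the 10 percent adversary share, and the circuit counts are assumptions chosen for illustration.

```python
"""Toy model of guard/middle/exit path selection (added example, not Tor's code).

Relay counts and the adversary's share are assumptions for illustration; the
circuit-space count uses the post's own figures (2 guards, 500 middles, 150 exits).
"""
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Network:
    guards: int   # relays eligible to be a first hop
    middles: int  # relays eligible to be a second hop
    exits: int    # relays eligible to be a third hop


def circuit_space(net: Network, guard_set_size: int) -> int:
    """Distinct (guard, middle, exit) triples a client with a pinned guard set can build."""
    return guard_set_size * net.middles * net.exits


def per_circuit_compromise_rate(net: Network, adversary_fraction: float, circuits: int,
                                pinned_guards: int = 0, seed: int = 0) -> float:
    """Fraction of one client's circuits whose first AND last hop belong to the adversary.

    pinned_guards == 0: a fresh random first hop for every circuit.
    pinned_guards == k: the client picks k guards once and reuses only those.
    """
    rng = random.Random(seed)
    # Adversary controls a fixed share of the guard-eligible and exit relays (assumption).
    bad_guards = set(rng.sample(range(net.guards), round(net.guards * adversary_fraction)))
    bad_exits = set(rng.sample(range(net.exits), round(net.exits * adversary_fraction)))
    guard_set = rng.sample(range(net.guards), pinned_guards) if pinned_guards else None
    hits = 0
    for _ in range(circuits):
        first = rng.choice(guard_set) if guard_set else rng.randrange(net.guards)
        last = rng.randrange(net.exits)  # exit chosen independently of the first hop
        if first in bad_guards and last in bad_exits:
            hits += 1
    return hits / circuits


def ever_compromised_rate(net: Network, adversary_fraction: float, circuits: int,
                          pinned_guards: int, clients: int, seed: int = 0) -> float:
    """Fraction of clients that build at least one end-to-end compromised circuit."""
    hit_clients = 0
    for i in range(clients):
        rate = per_circuit_compromise_rate(net, adversary_fraction, circuits,
                                           pinned_guards, seed=seed * clients + i)
        if rate > 0:
            hit_clients += 1
    return hit_clients / clients


def expected_ever_unpinned(adversary_fraction: float, circuits: int) -> float:
    """Closed form for the no-guard case: each circuit is compromised with probability c^2."""
    return 1.0 - (1.0 - adversary_fraction ** 2) ** circuits


if __name__ == "__main__":
    # Assumed network: 2000 guard-eligible relays, 500 middles, 150 exits; 10% adversary.
    net = Network(guards=2000, middles=500, exits=150)
    c, circuits, clients = 0.10, 100, 2000
    print("circuit space with 2 pinned guards:", circuit_space(net, 2))
    print("per-circuit rate, fresh guard each time:",
          per_circuit_compromise_rate(net, c, 20000))
    print("per-circuit rate, 2 pinned guards (one client):",
          per_circuit_compromise_rate(net, c, 20000, pinned_guards=2))
    print("clients hit at least once, fresh guards:",
          ever_compromised_rate(net, c, circuits, 0, clients),
          "(closed form %.3f)" % expected_ever_unpinned(c, circuits))
    print("clients hit at least once, 2 pinned guards:",
          ever_compromised_rate(net, c, circuits, 2, clients))
```

The per-circuit numbers show what the post counts: with two pinned guards the first hop is drawn from a set of two, and a single client's per-circuit rate depends entirely on whether one of its two guards is the adversary's. The "at least once" numbers show the other side of the same model: with a fresh first hop every circuit, each circuit is an independent c^2 chance, so over many circuits nearly every client eventually builds a compromised one, whereas with pinned guards the clients whose guard set contains no adversary relay are never exposed.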
