@@ -258,24 +258,26 @@ The browser's adversaries have a number of possible goals, capabilities, and att
The adversary can position themselves at a number of different locations in order to execute their attacks.
1.**Exit Node or Upstream Router**
1.**Malicious 1st party websites**
2.**Malicious 3rd party services**
3.**Exit relays or upstream routers**
The adversary can run exit nodes, or alternatively, they may control routers upstream of exit nodes.
Both of these scenarios have been observed in the wild.
2.**Ad servers and/or Malicious Websites**
4.**Middle relays**
The adversary can also run websites, or more likely, they can contract out ad space from a number of different ad servers and inject content that way.
For some users, the adversary may be the ad servers themselves.
It is not inconceivable that ad servers may try to subvert or reduce a user's anonymity through Tor for marketing purposes.
5.**Guard relays**
3.**Local Network/ISP/Upstream Router**
6.**Local network, ISP, or upstream routers**
The adversary can also inject malicious content at the user's upstream router when they have Tor disabled, in an attempt to correlate their Tor and Non-Tor activity.
Additionally, at this position the adversary can block Tor, or attempt to recognize the traffic patterns of specific web pages at the entrance to the Tor network.
4.**Physical Access**
7.**Physical access**
Some users face adversaries with intermittent or constant physical access.
Users in Internet cafes, for example, face such a threat.
