Skip to content

Alter Guard Alg to fail faster in Trapper Attack scenarios

As per torspec#320 and https://spec.torproject.org/proposals/344-protocol-info-leaks.html#121-guard-trapping-attacks, and our guard algorithm is vulnerable to trapping attacks.

We might be able to hack the implementation to give up sooner and fail over to Tor Browser bridge autodiscovery, such that it is not possible to redirect a client to any arbitrary guards.

We also want to make it harder to give up on primary guards, as well, and fail over to anticensorship sooner if those become unreachable.

I am not entirely certain that it is possible to fully mitigate this vector without a redesign of the guard alg, but maybe if @dgoulet and I stare at the maze long enough, something will come to us.

If we do find a way, we'll also file a new spec update ticket, and arti ticket for those hacks.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information