Can I specify introduction points manually?

3 months ago

When a hidden service is setting up, it randomly chooses some Tor nodes and asks them to act as introduction points. Can I control this phase? Can I choose these nodes manually, or at least specify the countries I want my introduction points to be in?

last year

I can't find anything like it in the config file, but why would you want to? Are you sure you want to trade in anonymity for whatever it is you want? If you limit your introductory points it might give away some information about your domain.

last year

I just don't want to give it to chance.

If the NSA controls, say, 20% of all Tor nodes, I want to be sure my introduction points are at least not in the USA.

last year

If I understand right, introduction points are accessed by the hidden service with a Tor circuit, just as if you were using Tor as a client. I'm not sure if this is really true, but I think they are just exit relays that have the job of keeping your domain & public key on Hidden Service Directory Servers. The only thing anyone will really know (this includes the exit/introductory relays themselves) is what public key belongs to your domain, and what introduction points it can talk to in order to start a session. I think the only weaknesses you have to worry about are the ones that any Tor circuit has, but since you are not transmitting secret information I think your only worry is that an attacker is able to track you. So you could probably either blacklist the nodes that you don't trust, or whitelist the ones you do.

I've taken a look at the Tor manual, and you could use the following configuration options:
ExcludeNodes & ExcludeExitNodes for blacklisting and
EntryNodes & ExitNodes
I don't know why there are not exclude options for entrynodes or an (Middle)Nodes option.
Basically you can add a comma-separated list with country codes or IP addresses you like (or don't like). Judging from the manual I think country codes are 2 digit. For example:
ExcludeExitNodes {us}
EntryNodes 123.456.87.0/8
Or something like that.
Then of course, if Tor finds no session could be established with your rules, it will break your rules and create a circuit with nodes from your black list or not from your white list. This can be changed with the StrictNodes option, if you so desire:
StrictNodes 1
Take a look at the manual for more information:
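
Added example, not part of the original thread and not code from the Tor project: a small Python check for the node-restriction lines discussed in the reply above, catching misspelled option names, malformed list entries and a missing StrictNodes setting. It assumes list entries are country codes in braces, relay fingerprints, or IP/CIDR patterns; `lint_torrc`, `entry_ok` and the sample torrc are constructed for illustration.

```python
import difflib
import ipaddress
import re

# Options named in the reply above, keyed by lower-cased name.
CANON = {n.lower(): n for n in
         ("ExcludeNodes", "ExcludeExitNodes", "EntryNodes", "ExitNodes", "StrictNodes")}
NODE_LIST = set(CANON) - {"strictnodes"}
COUNTRY = re.compile(r"\{[A-Za-z]{2}\}")         # country code, e.g. {us}
FINGERPRINT = re.compile(r"\$?[0-9A-Fa-f]{40}")  # relay identity fingerprint


def entry_ok(entry):
    """True for a {cc} code, a relay fingerprint, or an IP address/CIDR pattern."""
    if COUNTRY.fullmatch(entry) or FINGERPRINT.fullmatch(entry):
        return True
    try:
        ipaddress.ip_network(entry, strict=False)  # host bits may be set
        return True
    except ValueError:
        return False


def lint_torrc(text):
    """Return (line_number, message) findings; line 0 is a file-level finding."""
    findings, restricted, strict = [], False, False
    for num, raw in enumerate(text.splitlines(), 1):
        parts = raw.split("#", 1)[0].split(None, 1) + ["", ""]
        key, value = parts[0].lower(), parts[1]
        if key and key not in CANON:
            guess = difflib.get_close_matches(key, list(CANON), n=1, cutoff=0.8)
            if not guess:
                continue                  # unrelated option, not checked here
            findings.append((num, f"misspelled option, expected {CANON[guess[0]]}"))
            key = guess[0]                # still validate the value
        if key == "strictnodes":
            strict = value.strip() == "1"
        elif key in NODE_LIST:
            restricted = True
            for entry in value.split(","):
                if not entry_ok(entry.strip()):
                    findings.append((num, f"invalid node entry {entry.strip()!r}"))
    if restricted and not strict:
        # Point made in the thread: without StrictNodes 1 the lists may be overridden.
        findings.append((0, "node lists set but StrictNodes is not 1"))
    return findings


# Constructed sample torrc, not taken from a real deployment.
SAMPLE = "ExludeExitNodes {us}\nEntryNodes, 123.456.87.0/8\nExcludeNodes {us}, 255.254.0.0/8\n"

if __name__ == "__main__":
    for line_no, message in lint_torrc(SAMPLE):
        print(line_no, message)
```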


