> Concerning an ISP controlling both entry and exit nodes: when Tor
> clients build paths, they avoid choosing two nodes on the same /16
> subnet (see path-spec.txt). So, it does not seem that this is likely to
> happen.
This is false. These are actually both at the same ISP (same datacenter, same provider): 72.9.108.50 - Tor router Nadia. 66.199.240.51 - Tor router Lillemy. In this case there's no simple way to figure out that they are next to each other (sort of, four rows of racks away or something like that). They're in MyFamily, so Tor knows not to use both of those in the same path in this case, but it should be assumed that The Adversary isn't going to tell Alice or Bob about its involvement with multiple routers.

Just to give another example, some of Norwegian Government ISP Telenor's /16's: 85.167.0.0 80.213.0.0 80.212.0.0

I don't know if this information really matters regarding the paper in question. I just wanted to point out that looking at /16, or /8 for that matter, does not in any way prevent one Tor circuit from going entirely within one ISP's network. Does it really matter? I don't know. Something like the directory authorities looking at the servers' netname: could be one way of identifying routers within one ISP. But.. that'll probably help if the ISP is the adversary. And this may be the case. So perhaps only one Tor router per ISP would be a good idea.

It may also be the case that ISPs in a whole country are the adversary; for example, SORM hardware connected to Federal Agency of Government Communications and Information (FAGCI) is installed at ALL the ISPs (there are some fights about this laid out in the press from time to time, some refuse, but generally speaking ISPs got SORM). FAGCI also owns RELCOM, a major ISP. So FAGCI as the adversary: no exit/entry within Russia in the same circuit. But does listing a whole country as one family help? Is it a good idea? Or is /16 enough?

My personal assumption is that if FAGCI wants to know the location of US forces in Iraq and around Iran - so they can pass it on to Iran - and we assume they assume the US use Tor for their security...
...then FAGCI should just sign up Tor servers at as many different ISPs around the world as they can afford (and FAGCI is very well-funded). Which kind of leaves the solution: Grow Bigger. Tell your friends to run Tor servers. Tell your corporation to do so. Tell NSA and other branches of DoD to do so. And FAGCI. ;-)

It's possible to change path-spec.txt to look at RIPE's netname:, or look at the country, or look at /8 instead of /16. But the real answer as I see it is just a way bigger Tor network: 800 routers, pfft, set up 800 yourself and you're half the network. 8,000 routers, now it's getting very expensive to be half the network.
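The point of the post above is that a prefix check alone does not catch two relays run by the same provider. The following is an added illustration, not code from the thread or from Tor itself: a small path-filter that checks every pair of relays in a candidate circuit against a /16 (or /8) rule, a MyFamily rule, and an optional RIR "netname:" rule of the kind the post suggests. The Relay class, the netname values, and the three Telenor-range relays (addresses picked inside the /16s the post lists) are constructed for this example; Tor's real path selection is specified in path-spec.txt and is not reproduced here.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Relay:
    """Minimal relay record for the example (not Tor's descriptor format)."""
    nickname: str
    ip: str
    family: frozenset = frozenset()  # MyFamily members (nicknames) declared by the operator
    netname: str = ""                # RIR "netname:" label; constructed here, not from any directory


def same_prefix(a: Relay, b: Relay, bits: int) -> bool:
    """True if both relay addresses fall in the same /bits network."""
    net_a = ipaddress.ip_network(f"{a.ip}/{bits}", strict=False)
    return ipaddress.ip_address(b.ip) in net_a


def same_family(a: Relay, b: Relay) -> bool:
    """True if either relay lists the other in its MyFamily."""
    return b.nickname in a.family or a.nickname in b.family


def conflicts(a: Relay, b: Relay, prefix_bits: int = 16,
              use_family: bool = True, use_netname: bool = False) -> list:
    """Return the list of reasons why a and b must not share one circuit."""
    reasons = []
    if same_prefix(a, b, prefix_bits):
        reasons.append(f"same /{prefix_bits}")
    if use_family and same_family(a, b):
        reasons.append("same MyFamily")
    if use_netname and a.netname and a.netname == b.netname:
        reasons.append("same netname")
    return reasons


def path_conflicts(path: list, **policy) -> list:
    """Check every pair of relays in a candidate path (guard, middle, exit)."""
    found = []
    for i in range(len(path)):
        for j in range(i + 1, len(path)):
            reasons = conflicts(path[i], path[j], **policy)
            if reasons:
                found.append((path[i].nickname, path[j].nickname, reasons))
    return found


# Relays from the post: same datacenter, different /16 and different /8.
# The MyFamily declaration is taken from the post; the netname is constructed.
NADIA = Relay("Nadia", "72.9.108.50", frozenset({"Lillemy"}), "EXAMPLE-DC")
LILLEMY = Relay("Lillemy", "66.199.240.51", frozenset({"Nadia"}), "EXAMPLE-DC")

# Hypothetical relays inside the Telenor /16s the post lists; no family declared.
TN1 = Relay("tn1", "85.167.0.10", netname="TELENOR-EXAMPLE")
TN2 = Relay("tn2", "80.213.0.10", netname="TELENOR-EXAMPLE")
TN3 = Relay("tn3", "80.212.0.10", netname="TELENOR-EXAMPLE")
MIDDLE = Relay("middle", "192.0.2.7")  # documentation-range address, unrelated operator

if __name__ == "__main__":
    # /16 alone: Nadia and Lillemy look unrelated.
    print("Nadia/Lillemy, /16 only:", conflicts(NADIA, LILLEMY, use_family=False))
    # MyFamily is what actually keeps them apart.
    print("Nadia/Lillemy, /16 + family:", conflicts(NADIA, LILLEMY))
    # Two Telenor /16s pass the /16 rule, are caught by /8, but 85.167/16 is not.
    print("tn2/tn3 at /8:", conflicts(TN2, TN3, prefix_bits=8, use_family=False))
    print("tn1/tn2 at /8:", conflicts(TN1, TN2, prefix_bits=8, use_family=False))
    # A netname rule catches all three regardless of prefix length.
    print("full path, netname rule:",
          path_conflicts([TN1, MIDDLE, TN2], use_netname=True))
```

Running it shows the post's argument directly: the pair from the post passes both the /16 and the /8 rule and is only separated because the operator declared MyFamily, and the three Telenor ranges are only reliably linked by a provider-level attribute such as netname, which an adversarial ISP controls anyway.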

