I may be wrong on this. It's my understanding that the first hop in
the chain is created differently, via create-fast, than the nodes
after it; this means that someone spying on network traffic that sees
"create-fast" knows that they are looking at a source node, and can
tell the originating IP.
I don't think people spying on network traffic could see this because of
the outer TLS layer, but it does let node operators know that a client
is at the other end of this circuit.
If the first node is made no different than the normal nodes, and
entry guards are not used, then no one knows which node is the first,
and no one knows what to spy on / correlate traffic with. Right?
I think so.
Also, what if the path length was "mostly 2, occasionally 3 if the end
node is not a tor node, but always 3 (2 intermediate notes) ending on
the tor/end node"? Would that help the unpredictable-ness, without
causing slowdown?
I don't get how the end node can be not a tor node.
