>> Tor version 0.2.7.6 fixes a major bug in entry guard selection, > >> - Actually look at the Guard flag when selecting a new directory >> guard. When we implemented the directory guard design, we >> accidentally started treating all relays as if they have the Guard >> flag during guard selection, leading to weaker anonymity and worse >> performance. Fixes bug 17772; bugfix on 0.2.4.8-alpha. Discovered >> by Mohsen Imani. > > Is this bug found also in 0.2.6.10, or only in 0.2.7.5?
the changelog says "bugfix on 0.2.4.8-alpha" which means all tor releases since 0.2.4.8-alpha and released before 2015-12-10 are affected. The trac entry is tagged with: 024-backport 025-backport 026-backport As you can see on gitweb.torproject.org Nick is preparing some more releases https://gitweb.torproject.org/tor.git/log/?h=maint-0.2.4 https://gitweb.torproject.org/tor.git/log/?h=maint-0.2.5 https://gitweb.torproject.org/tor.git/log/?h=maint-0.2.6 but most ordinary users will probably (and should) just use torbrowser and the tor version that comes with it (so we might see an update there soon?) > What does "weaker anonymity" mean exactly? How big is the risk? Can this > bug lead to deanonymization? https://blog.torproject.org/blog/tor-0276-released wrote: > For more information on the guard bug, see Roger's preliminary analysis > https://trac.torproject.org/projects/tor/ticket/17772#comment:1 If you want to read more about directory guards (compared to an entry guards): https://gitweb.torproject.org/torspec.git/tree/proposals/207-directory-guards.txt https://trac.torproject.org/projects/tor/ticket/6526 -- tor-talk mailing list - [email protected] To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
