I\'m using TOR (Orbot for Android), and when I look at the log of the connection
ID: 660338 • Letter: I
Question
I'm using TOR (Orbot for Android), and when I look at the log of the connection establishment phase, I see that I'm repeatedly being connected to familiar nodes, especially the Entry Nodes which 3 out of 4 times are the same 3 nodes that I'm connecting to every time! Even the whole 3 Nodes in my path are more often than not also familiar and so much so that I almost see no randomization process happening!
I understand that if 1 malicious node is in my path, my anonymity won't be much affected, but if at least the Entry and the Exit Nodes are malicious, then I'm not anonymous anymore since the entry data and exit data can be monitored and compared.
Question is: How do I force randomization of the connection, and WHY am I being assigned these nodes repeatedly (i.e. is there a known attack in which an entity can deliberately assign users to specific ranges of nodes to strip them out of their anonymity?)
Explanation / Answer
If you delete your TOR data directory, TOR will randomize how it builds new circuits and picks new entry nodes.
However, the behavior you are seeing is intentional. TOR has affinity to a small set of entry nodes, called entry guards. These guards help reduce the chance that you are assigned an entry node which is malicious, because your computer is only connect directly to that small set of entry guards, rather than connecting at random to a different entry every time.
For example, if you start TOR every day for a year, with random assignment that would be 365 entry points and 365 opportunities for an attacker to be your entry node. Instead, by having just 3 entry guards, you only are placing your trust in those 3 nodes, only 3 random opportunities for your entry to be an attacker, smaller chance that one of your entries is an attacker.
https://www.torproject.org/docs/faq.html.en