Avoid certain exit nodes

Motivation: avoid exit nodes of a certain country.

I know it’s possible to use ExcludeExitNodes in torrc to exclude specific nodes or a whole country.

I have read however that using such settings can actually degrade anonymity, since this is non default and makes your settings more special / unique.

Question is, is the above correct, and if so, is there any mechanism in Whonix to do that without having the Tor Browser “know” about it? Not necessarily exclude the node initially in the circuit building stage, but rather reload a new circuit if this exit node comes up, or activate a firewall mechanism at the Gateway to stop traffic in this case and alert the user.

I can provide a partial answer to your question. Yes, excluding exit nodes is not recommended. Tor clients (i.e. You) make node selections[1]. Misconfigurations can cause deanonymization and well-intentioned users can easily cause that to happen. Note that node density is highest in only a few countries. If you block them out, your node pool (and anonymity set) is greatly diminished. If malicious nodes are the worry, blocking by country is not a good method. Neither is blocking specific nodes unless you are a skilled analyst. Otherwise, you would be using a blocklist from a stranger on the internet, right?

The Tor Browser “knowing” what nodes it uses is not the issue. Nodes pass many types of traffic. A node’s ability to analyze traffic, no matter the source, is the issue.

[1] Side note: The man who envisioned Tor (David Chaum?) stated that a new project would use centralized route selection to aid discovery requests (legal attacks). This shows that Tor’s routing scheme, while inconvenient for The Man, is effective.


Correct.

http://torproject.org/docs/faq.html.en#ChooseEntryExit

I may be wrong on this:

Reloading a circuit when a specific node is used and excluding a node may both affect anonymity in unknown ways.

I do know it would not make a difference if Tor Browser knows about it or not. Either way, you’re still excluding a node from the pool. If the above torproject.org “Choose Entry Exit” applies here, anonymity may be affected.


It is correct and has been warned about by the Tor devs repeatedly. Against certain adversaries, your exclusion of node based on IP address is useless and risks making your client take more observable paths in the network.
