I don’t fully understand the usage implications of the Entry Guards security mechanism as described here and here.
Does this mean one copy of Tor Browser will always use a select few fixed nodes as entry points to Tor? Would a newly created copy in a different directory use a different but also fixed set of nodes that would also always be the same?
Does this mean it is better to keep using the same copy of Tor Browser and update it than to often create new clean copies and use those?
The Workstation (and therefore Tor Browser) doesn’t know anything about your Entry Guards. If it did, that could be problematic should your Workstation become compromised. All traffic leaving a specific Gateway uses the same entry guard (or a fallback). (Will likely soon change to 2 entry guards.)
So usage implications are limited to what the Gateway does, i.e. connecting to external networks.
[tor-dev] entry guards and linkability
If you connect to only one network, the default strategy is the recommended one (i.e. nothing you need to do).
From what I understand the answer to all my questions is yes! The first relay is always the same if available. Because of this it is generally better to use one and the same Tor Browser copy or Whonix Gateway than to change them. I think the Tor Project should really put this behavior on their list of warnings, because it goes completely against user expectations.
Still some questions remain
Why are the three nodes listed in the circuit always different? Shouldn’t the first one always be the same?
How does an adversary find out which entry guards you’ve chosen? How this can be used to unmask is clear.
If those relays are observed or controlled by the attacker, then they see a larger fraction of the user’s traffic
Why a fraction? Don’t they see everything if they’re the primary relay, which is always chosen when available?
But I haven’t tried to run two instances in different folders at the
same time. I don’t think that’s supported. If you use one after another,
it has its own distinct Tor data directory. You can monitor changes in
that directory such as with git.
Fixed: you could call entry guards somewhat "fixed" but it’s still
"dynamic" (these are rotated as per Tor’s implementation).
nodes: deprecated term. Now referred to as relays.
path selection: always dynamic (unless it’s a long living circuit).