[tor-relays] Combined relay and hidden service, good idea or not?
Florentin Rochet
florentin.rochet at uclouvain.be
Fri Jan 5 08:23:53 UTC 2018
Hey,
On 2018-01-05 04:08, tortilla at mantablue.com wrote:
> When operating a hidden service and a relay in one tor instance, tor
> currently warns:
>
> [warn] Tor is currently configured as a relay and a hidden service. That's
> not very secure: you should probably run your hidden service in a separate
> Tor process, at least -- see https://trac.torproject.org/8742
>
> First, that issue has been fixed and closed.
The issue is fixed by adding the above warning message: if you care
about your hidden service's "hidden" property, do not run a relay on the
same process.
>
> Second, I had read in the past opinions stating:
>
> When operating a hidden service, running a relay helps mix traffic so that
> anyone observing traffic from the machine cannot easily run an analysis
> targeted at a hidden service that might exist on that machine.
The part "cannot easily run an analysis targeted at a hidden service"
looks just wrong to me. If you want an example of an active attacker
able to easily uncover such a hidden service (when mixed with a relay),
you can give a look at our paper "Dropping on the Edge: Flexibility and
Traffic Confirmation in Onion Routing Protocols" [1] (to appear in
PoPETs18). The techniques presented are not applied on that particular
setup, but this is somewhat trivial to do.
Best,
Florentin
[1] https://uclouvain.be/crypto/people/show/462
More information about the tor-relays
mailing list