On Fri, January 5, 2018 12:31 pm, Roger Dingledine wrote:
> On Fri, Jan 05, 2018 at 03:08:48AM -0000, tortilla@mantablue.com wrote:
>> Second, I had read in the past opinions stating:
>> When operating a hidden service, running a relay helps mix traffic so that anyone observing traffic from the machine cannot easily run an analysis targeted at a hidden service that might exist on that machine.
>> The text of the startup warning seems to contradict that belief. Is there more to know, or is the warning only applicable to the now-closed information leak?
>> Can someone kindly clarify the current best practice in this regard and address whether or not that warning should be removed from tor's startup diagnostics?
>
> I believe it is riskier to run an onion service on a public relay if you want to keep the onion service's location hidden. The original reason for this recommendation was because it's easier to induce load on the relay, and then look for corresponding congestion at the onion service.
> This congestion "guess and check" concern is similar to the concern around running your local Tor client as a bridge. You can read more here:
> https://blog.torproject.org/risks-serving-whenever-you-surf
> https://www.freehaven.net/anonbib/#wpes09-bridge-attack

Ah, makes perfect sense. Thanks for the links. I'd strongly recommend changing the tor startup warning; remove the link to that closed issue and leave without further qualification OR include the links you've provided. Having a closed issue linked to the warning can lead one to believe the warning no longer applies.
Do you have thoughts on a scenario when the HS operator is not concerned with hiding the HS location? -- Can operating a relay and HS together help enhance client anonymity and make end-to-end correlation more difficult in that case?