On 2018-01-08 14:09, Tortilla wrote:
On Mon, January 8, 2018 11:25 am, Dave Warren wrote:
On 2018-01-08 03:21, Florentin Rochet wrote:
Perhaps in the case that the HS operator is not trying to mask the HS location, the act of mixing public relay traffic can be nothing but a *help* to defeat anyone trying to correlate traffic coming to the HS with traffic emanating from any one client.
Yes, if the HS operator does not want to mask the HS location, then it is all good. For that purpose, I agree that the warning message should be changed.
Indeed. I run some public resources (e.g. torproject.org mirror) on a public URL with a .onion site as well. Nothing is intended to be hidden, I simply want the content of anything I mirror to be available to Tor users without relying on an exit.
After an "abuse" report warning me that my hidden site is "leaking" its location, my root robots.txt and a separate README file now both display the public and .onion addresses with a note that nothing is intended to be hidden. (I also appreciate the individual who sent the warning!)
On the flip side, to a new/naive hidden service operator the warning could be useful as it may not be immediately obvious to someone just dipping their toes in Tor as to why and how this configuration might reveal their hidden service's real physical location.
Certainly! I'm not new to Tor/HS and still got tripped up by this, especially seeing the issue as having been closed, not having realized it has not in fact been "fixed" and the only thing done was to add a startup warning. The issue really should be re-opened. It's not unreasonable to conclude that if the issue linked in the warning is closed that the warning is obsolete.
I think the issue itself should be listed as WONTFIX, as this is simply a reality of how the internet works. Even if Tor didn't supply any relay statistics, a curious and enterprising individual could "explore" by seeing what happens to a particular onion when one launches a DoS attack against an external IP that one believes might be connected to the .onion service.
Notifying the administrator is sufficient, but I don't think an otherwise harmless log WARNING is sufficient to know that the administrator has been notified. Given that an administrator may not even review the logs if everything is functioning the way they expect, I would like to see something that forces the administrator to make a conscious choice.