On Mon, January 8, 2018 2:21 am, Florentin Rochet wrote:
Hey Tortilla,
Sorry for the late reply:
On 2018-01-05 21:13, Tortilla wrote:
The issue is fixed by adding the above warning message: if you care about your hidden service's "hidden" property, do not run a relay on the same process.
Would you mind elaborating? As I read the tracker link, the issue was an informational leak in bandwidth reporting that has now been solved and closed. As such, the startup warning is misleading unless there are other concerns (such as Igor's below) and in which case, the warning should be re-worded. Why do you say it is *fixed* by adding a warning?
https://trac.torproject.org/8742 issue is already a stronger concern than Igor's point, and there are more. The informational leak in bandwidth is still there today, since these measurements are public. The issue is marked as fixed because, if you do relay+HS, you got a warning "not secure" that links to a possible attack (#8742) to recover your HS's location.
To be honest, I don't really get why you feel that the startup warning is misleading. Is it because it links a fixed and closed trac issue?
Now I understand. The misunderstanding was because the description of the issue lists three "Possible solutions," none of which include merely adding a startup warning and punting on the real solution. And yes, because the issue is marked as closed. Seems a little weak to consider the issue closed, at least IF it's not considered impossible due to other design constraints, and the comments on the issue don't give that impression.
So I had assumed that with the issue being closed, one of the "Possible solutions" had been implemented and the information was no longer being leaked. I do think it's pretty important for people reading that startup warning and following the link to see that the issue is in fact NOT fixed.
Whoever has permission to do so really should re-open the issue!
Thanks for your other comments, Florentin.