On 15.04.16 at 11:46, fr33d0m4all wrote:
Date: Thu, 14 Apr 2016 22:24:30 +0000
From: Yawning Angel yawning@schwanenlied.me
To: tor-relays@lists.torproject.org
Subject: Re: [tor-relays] Using your own Relay as Entry Node
Message-ID: 20160414222430.78b9255e@schwanenlied.me
Content-Type: text/plain; charset="us-ascii"
On Thu, 14 Apr 2016 21:38:15 +0000 fr33d0m4all fr33d0m4all@riseup.net wrote:
And about using it as a SOCKS proxy to enter the Tor network? Do the same considerations apply or is it even worse to use a relay as a SOCKS proxy?
This is horrible and should *NEVER* be done, assuming any network not physically controlled by you is between you and the SOCKS proxy server[0], simply based on the request (and authentication if you chose to use such things) being in the clear.
Regards,
-- Yawning Angel
[0]: So, SOCKS over an internal network to a VM/magical anonymity box may be ok (depending on your threat model). SOCKS to a VPS somewhere is essentially always a bad idea.
Hi Yawning, I perfectly understand your point... I'm using it as a SOCKS proxy only within my own LAN, which is only used by me. If I ever need to reach it from the outside I would do it by tunneling the SOCKS connection within an SSH connection to my LAN. But I'm far more interested in what you think about using your own Tor relay as Entry Node, which I think should decrease the risks because it is for sure a not-bad Entry Node.
What do you think about this point?
Thank you for the answers.
Fr33d0m4All
Hi Fr33d0m4All,
In my opinion, you could use your own Tor relay as an entry node, although you should think about it this way, too: Browsing through the Tor network usually establishes a route through 3 nodes from your side. Always going through your own relay as an entry node means only two of the three nodes are changing each time you establish a new route to a server.
In my opinion, you are just moving the "trusted entry node" problem to a "trusted middle node" problem, although traffic will be more obfuscated for the middle node because other users could use it over your relay as well.
If I am wrong with this opinion because it's not how the Tor network works, somebody else is free to correct me.
In my opinion, I would try to get at least a small number of really trusted nodes you use as an entry. Nodes that YOU trust. Could be nodes from people on this mailing list like my node if you trust me. If you don't trust my node for example (e.g. you assume I am running a honeypot or I run it for the CIA or NSA), then just don't put it on your list. If you asked me, I would put 5-10 personally trusted entry nodes on the list, including your own of course.
Best Regards, Michael
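
The point in Yawning Angel's quoted message, that a SOCKS request and its authentication travel in the clear, shown as an added example that is not part of the thread. It builds the client side of a SOCKS5 session as laid out in RFC 1928 and RFC 1929 and parses it back the way any on-path network can; the user name, password, hostname and function names are constructed for illustration.

```python
import struct

def client_bytes(user, password, host, port):
    """Client side of a SOCKS5 session: greeting, RFC 1929 auth, CONNECT."""
    u, p, h = user.encode(), password.encode(), host.encode()
    greeting = b"\x05\x01\x02"  # version 5, one method offered: username/password
    auth = b"\x01" + bytes([len(u)]) + u + bytes([len(p)]) + p
    request = b"\x05\x01\x00\x03" + bytes([len(h)]) + h + struct.pack("!H", port)
    return greeting + auth + request

def observe(stream):
    """Parse the same bytes as any network between client and proxy can."""
    if stream[0] != 5:
        raise ValueError("not SOCKS5")
    i = 2 + stream[1]                      # skip the offered-methods list
    if stream[i] != 1:
        raise ValueError("no username/password sub-negotiation")
    ulen = stream[i + 1]
    user = stream[i + 2:i + 2 + ulen].decode()
    i += 2 + ulen
    plen = stream[i]
    password = stream[i + 1:i + 1 + plen].decode()
    i += 1 + plen
    ver, cmd, _rsv, atyp = stream[i:i + 4]
    i += 4
    if atyp == 3:                          # domain name, length-prefixed
        hlen = stream[i]
        host = stream[i + 1:i + 1 + hlen].decode()
        i += 1 + hlen
    elif atyp == 1:                        # IPv4 literal
        host = ".".join(str(b) for b in stream[i:i + 4])
        i += 4
    else:
        raise ValueError("address type not handled in this example")
    (port,) = struct.unpack("!H", stream[i:i + 2])
    return {"user": user, "password": password, "host": host, "port": port}

if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    wire = client_bytes("alice", "s3cret", "example.com", 443)
    print(observe(wire))
```

Nothing in the parse needs a key: the destination and the credentials are length-prefixed plaintext, which is why wrapping the SOCKS connection in SSH, as described in the thread, changes what the intermediate network can read.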