Hello all, I am wondering if there is any reason why one should not open the socks port of Tor to the public internet? I mean I run a Tor exit or relay, so why should I not open the port and give it to people that can't install Tor on some devices?
Thanks for your thoughts. yl
On 10/22/19 9:33 PM, ylms wrote:
> Hello all, I am wondering if there is any reason why one should not open the socks port of Tor to the public internet?
b/c everybody could configure then your Tor e.g. with https://nyx.torproject.org ?
On 10/23/19 14:48, Toralf Förster wrote:
> On 10/22/19 9:33 PM, ylms wrote:
>> Hello all, I am wondering if there is any reason why one should not open the socks port of Tor to the public internet?
> b/c everybody could configure then your Tor e.g. with https://nyx.torproject.org ?
The ControlPort is for configuring Tor, not the SocksPort.
SOCKS is unencrypted and, as Tor uses it, unauthenticated. Using a Tor SocksPort on your local network (or better: local host) is way more secure than using one somewhere on the Internet.
At least make an SSH tunnel if you're going to do this ...
On Tue, Oct 22, 2019 at 09:33:31PM +0200, ylms wrote:
> I am wondering if there is any reason why one should not open the socks port of Tor to the public internet? I mean I run a Tor exit or relay, so why should I not open the port and give it to people that can't install Tor on some devices?
Matt Traudt's reply provides one good issue that should make you pause: the socks protocol has no encryption, so even if users use https, anybody watching the traffic gets to match up the users to their requested destinations. So the privacy properties they get are really unlike running Tor themselves.
Another reason I'd discourage providing an open socks port is that random people on the internet will find it and use it as an open proxy, thinking that you're just an incompetent administrator with a misconfigured service, and never knowing that they're using Tor. There are organized crime groups that gather and sell lists of open proxies, and they would eventually find your proxy address, stick it on their list, and then other organized crime groups will buy it and use it for whatever they do.
The Tor network is a commons, and it will remain most sustainable when people who use it think about the impact of their traffic on the network and the network operators.
(That last sentence is why the move by Brave and Firefox and others to consider sending their 'private browsing' traffic through Tor is so exciting. Google et al. have taught people that "the cloud" is infinite, and huge companies will just pay to keep it big enough, and that model is not so easy with the decentralized community Tor network.)
--Roger
tor-relays@lists.torproject.org
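
Added example, not part of any message in this thread: a small torrc audit that flags `SocksPort` listeners bound anywhere other than localhost, which is the exposure the replies above advise against. The sample torrc, addresses and function names are constructed for illustration; the check assumes Tor's documented behaviour that a port-only `SocksPort` binds to localhost.

```python
import ipaddress

# Constructed sample torrc for this example (not taken from the thread).
SAMPLE_TORRC = """\
# relay config
ORPort 9001
SocksPort 9050
SocksPort 0.0.0.0:9150
SocksPort [::]:9151 IsolateDestAddr
SocksPort 192.168.1.10:9152
SocksPort unix:/run/tor/socks
SocksPort 0
"""

def classify_socks_listener(value):
    """Classify one SocksPort value: disabled, local, private, public or unknown."""
    target = value.split()[0]              # drop trailing flags
    if target == "0":
        return "disabled"
    if target == "auto" or target.isdigit() or target.startswith("unix:"):
        return "local"                     # port only: Tor binds to localhost
    host = target.rpartition(":")[0].strip("[]")
    if host.lower() == "localhost":
        return "local"
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "unknown"                   # other hostname: review by hand
    if addr.is_loopback:
        return "local"
    if addr.is_unspecified:                # 0.0.0.0 or [::]: every interface
        return "public"
    return "private" if addr.is_private else "public"

def audit_torrc(text):
    """Return (line number, value, exposure) for each non-local SocksPort."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        parts = raw.split("#", 1)[0].split(None, 1)
        if len(parts) != 2 or parts[0].lower() != "socksport":
            continue
        value = parts[1].strip()
        exposure = classify_socks_listener(value)
        if exposure not in ("disabled", "local"):
            findings.append((lineno, value, exposure))
    return findings

if __name__ == "__main__":
    for lineno, value, exposure in audit_torrc(SAMPLE_TORRC):
        print(f"line {lineno}: SocksPort {value} -> {exposure}")
```

A "private" result still means other hosts on that network can reach the unauthenticated, unencrypted SOCKS listener, so it is reported alongside "public" rather than treated as safe.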