Hi,
I am running a couple of relay nodes and now I would like to set a bridge relay. The `torrc` file says the following: --- ## Uncomment this if you run more than one Tor relay, and add the identity ## key fingerprint of each Tor relay you control, even if they're on ## different networks. You declare it here so Tor clients can avoid ## using more than one of your relays in a single circuit. See ## https://www.torproject.org/docs/faq#MultipleRelays ## However, you should never include a bridge's fingerprint here, as it would ## break its concealability and potentially reveal its IP/TCP address. #MyFamily $keyid,$keyid,... ---
I understand that I should not add the bridge fingerprint to the MyFamily setting of my other relays, but should I set MyFamily on my bridge (with the fingerprints of my other nodes)?
I suppose that the logic of avoiding to have the same circuit through multiple relay controlled by the same operator is still valid, but I don't know if this could be a problem.
C
I am running a couple of relay nodes and now I would like to set a bridge relay. The `torrc` file says the following:
## Uncomment this if you run more than one Tor relay, and add the identity ## key fingerprint of each Tor relay you control, even if they're on ## different networks. You declare it here so Tor clients can avoid ## using more than one of your relays in a single circuit. See ## https://www.torproject.org/docs/faq#MultipleRelays ## However, you should never include a bridge's fingerprint here, as it would ## break its concealability and potentially reveal its IP/TCP address.
#MyFamily $keyid,$keyid,...
I understand that I should not add the bridge fingerprint to the MyFamily setting of my other relays, but should I set MyFamily on my bridge (with the fingerprints of my other nodes)?
what do you mean by "other nodes"? other bridges?
generally speaking: - please don't run bridges and exits at the same time - don't add MyFamily lines to your bridge's torrc file - don't put bridge fingerprints or hashed fingerprints into your relays' torrc files
On 22/07/2018 18:57, nusenu wrote:
I am running a couple of relay nodes and now I would like to set a bridge relay. The `torrc` file says the following:
## Uncomment this if you run more than one Tor relay, and add the identity ## key fingerprint of each Tor relay you control, even if they're on ## different networks. You declare it here so Tor clients can avoid ## using more than one of your relays in a single circuit. See ## https://www.torproject.org/docs/faq#MultipleRelays ## However, you should never include a bridge's fingerprint here, as it would ## break its concealability and potentially reveal its IP/TCP address.
#MyFamily $keyid,$keyid,...
I understand that I should not add the bridge fingerprint to the MyFamily setting of my other relays, but should I set MyFamily on my bridge (with the fingerprints of my other nodes)?
what do you mean by "other nodes"? other bridges?
No, middle nodes. I am running two middle relays (i.e. not exits) and I would like to run another node as a bridge from home. I should also point out that the new node I want to run in principle has a dynamic IP.
I understand I should not put the fingerprint of the bridge in the torrc of the two middle relays, but I was wondering about the vice-versa.
generally speaking:
- please don't run bridges and exits at the same time
Ok, that's news (I have not read this advice anywhere else)
- don't add MyFamily lines to your bridge's torrc file
Ok, then the torrc file could be clearer about this.
- don't put bridge fingerprints or hashed fingerprints into your relays' torrc files
This is what is currently explained in the comment in the torrc template.
Thanks for your help.
C
generally speaking:
- please don't run bridges and exits at the same time
Ok, that's news (I have not read this advice anywhere else)
it would allow end-to-end correlation and we had this before on this list, I'll ask Moritz about his bridges again
- don't add MyFamily lines to your bridge's torrc file
Ok, then the torrc file could be clearer about this.
tor-relays@lists.torproject.org
-
Cristian Consonni -
nusenu