[tor-bugs] #2980 [Tor Relay]: feature request: better privacy for node operators

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Mon Apr 25 09:51:28 UTC 2011 

#2980: feature request: better privacy for node operators
-------------------------+--------------------------------------------------
 Reporter:  tagnaq       |          Owner:     
     Type:  enhancement  |         Status:  new
 Priority:  normal       |      Milestone:     
Component:  Tor Relay    |        Version:     
 Keywords:               |         Parent:     
   Points:               |   Actualpoints:     
-------------------------+--------------------------------------------------
Changes (by tagnaq):

 * cc: tagnaq@… (added)


Comment:

 Replying to [comment:1 Sebastian]:

 > I don't like the proposal, tbh. I don't buy that this will make relays
 who are on dynip connections less traceable, because they will make a new
 key and disappear with the old key at roughly the same time.

 This is true unless there are enough other nodes on your network
 "colliding" with your IP+key renew. For networks with lease times >12h and
 a low number of tor nodes this good collision is rather unlikely, but
 there are ISPs enforcing IP renews every <12h. So this feature is becoming
 more useful in the future with more nodes on the same network.

 > Not reporting version is actively harmful, because Tor clients use that
 to decide what to use a given relay for. This design isn't great
 (especially because it prohibits alternative implementations of Tor
 relays, but while we have it we can't introduce an option like that).

 Yes I was not so sure about tor version and BW - lets drop them from the
 common list of settings.

  * ORPort: 9001,
  * !DirPort: 9030
  * Nickname: "Unnamed"
  * !ContactInfo: ""
  * exit policy: reject *:*

 [[BR]]
 > I also worry that a bunch of people set that option without actually
 understanding what it does, thus harming our metrics-related goals without
 a real need.


 So the config option should probably not contain 'Privacy' in the name -
 which is too desireable to have :) ...so probably 'CommonDescriptor' reads
 less desirable ;)

 > I don't see a real threat model that this change could detect against.

 Do you disagree that this feature (rekeying ones in a while + common
 descriptor) would make it harder to link tor nodes to there past ip
 addresses and reduce the privacy impact of running a tor node at home?

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2980#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list