[tor-bugs] #2980 [Tor Relay]: feature request: better privacy for node operators

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Tue Apr 26 14:51:56 UTC 2011 

#2980: feature request: better privacy for node operators
----------------------------+-----------------------------------------------
    Reporter:  tagnaq       |       Owner:        
        Type:  enhancement  |      Status:  closed
    Priority:  normal       |   Milestone:        
   Component:  Tor Relay    |     Version:        
  Resolution:  wontfix      |    Keywords:        
      Parent:               |      Points:        
Actualpoints:               |  
----------------------------+-----------------------------------------------
Changes (by rransom):

  * status:  new => closed
  * resolution:  => wontfix


Comment:

 Replying to [comment:4 tagnaq]:

 > In the most useful use case of this feature - the Tor relay running on a
 notebook of an often traveling person. This feature would make it
 impossible to use the tor node fingerprint to track the persons movements.

 I fixed #988 in order to make tracking users who try to run a bridge on
 their laptop somewhat harder.  (That bug was actually filed because a
 malicious relay (or someone who can monitor a relay's Internet connection)
 could have passively collected bridge identity keys and fingerprints, and
 then used the bridges' fingerprints to obtain their descriptors from the
 bridge authority, not because of any concern for bridge operators'
 location privacy.)

 But people who run a public relay need to understand that they are
 publishing their IP address, and other information needed for their relay
 to function as part of the Tor network, in a widely available, publicly
 archived list.

 I also think this option would put people at greater risk of
 unintentionally running a public relay.  I found out that [ticket:2408 I
 was inadvertently running an exit node] because I saw my Tor instance's
 nickname on a !TorStatus site; if I hadn't recognized it, I could still be
 running an ''exit node'', and I would be vulnerable to serious attacks
 ranging from DoS (by causing my computer to connect to a
 [https://lists.torproject.org/pipermail/tor-talk/2011-March/019840.html
 ShadowServer honeypot], and thus leading my ISP to turn off my Internet
 connection) to imprisonment (by framing me for a crime).

 I'm closing this ticket as ‘wontfix’, because there is ''no'' chance that
 we would accept this option for public relays -- it provides at most a
 tiny benefit to relay operators, at a large cost to the Tor network.  If
 you are willing to implement some of these features ''for bridge relays
 only'', and you can show that your implementation will ''only'' affect
 bridges, feel free to post your patches on a new ticket.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2980#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list