[tor-bugs] #17945 [Core Tor/Tor]: Stop Tor2Web connecting to (Rendezvous) Single Onion Services
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Feb 9 19:02:16 UTC 2018
#17945: Stop Tor2Web connecting to (Rendezvous) Single Onion Services
-------------------------------------------------+-------------------------
Reporter: teor | Owner: (none)
Type: enhancement | Status: new
Priority: Medium | Milestone: Tor:
| 0.3.3.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: tor2web, tor-hs, 029-proposed, 029 | Actual Points:
-teor-no, needs-design, needs-proposal-maybe, |
single-onion |
Parent ID: #24962 | Points: 5
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by teor):
Replying to [comment:38 asn]:
> Sorry for being pessimistic here, but do we think this is really worth
the effort?
>
> IIUC this ticket is meant to protect tor2web clients who connect to
single onions.
No, it's meant to protect relays from knowing both client and service IP
addresses. And it's meant to protect relays from being turned into single-
hop proxies. It's like the single-hop exit ban.
> Do we think there are actual tor2web clients who care to be protected?
My understanding is that all tor2web clients are just `onion.to`-type of
services and I bet they don't care about their anonymity.
Some of them are automated hidden service scanners, too.
> If an actual person went through all the effort to compile their Tor
into tor2web mode and then configured their browser to use that, I bet
they kinda know what's going on. What's the class of people we are trying
to protect here, and is it worth going through all that effort?
Relay operators from attacks or legal threats, and relays from DDoS or
overload.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17945#comment:39>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list