[tor-bugs] #16824 [Core Tor/Tor]: Emit a warning message about side channel leaks when using relays as clients

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu May 17 15:00:33 UTC 2018 

#16824: Emit a warning message about side channel leaks when using relays as
clients
-------------------------------------------------+-------------------------
 Reporter:  starlight                            |          Owner:  (none)
     Type:  defect                               |         Status:
                                                 |  needs_review
 Priority:  High                                 |      Milestone:  Tor:
                                                 |  0.3.5.x-final
Component:  Core Tor/Tor                         |        Version:  Tor:
                                                 |  0.2.6.10
 Severity:  Normal                               |     Resolution:
 Keywords:  mike-can, tor-client tor-relay       |  Actual Points:
  sidechannel logging easy                       |
Parent ID:                                       |         Points:  1
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by starlight):

 Replying to [comment:42 starlight]:
 > Seemed to me a warning would arrive once client activity commenced on a
 traffic forwarding relay.  Had not considered how it would be implemented,
 whether SocksPort!=0 and ORPort!=NULL would trigger it.  Perhaps the
 message should emit on the first socks connection when ORPort is
 configured?  Or perhaps SockPort=0 should default when ORPort is set and
 the message arrive when both are asserted?
 >
 > To quote my earlier self:
 >
 > > 2) some consider it a reasonable idea to configure a client
 > > and relay in the same daemon instance with the belief
 > > that this would obfuscate local client traffic to some
 > > degree; but with the implementation as it presently
 > > stands such an idea is false and should be denigrated
 >
 > The idea of the warning is to alert users to potential risk, in
 consideration of the time and effort that will likely pass before the risk
 is alleviated.  Already quite some time has passed.
 >
 > Mike Perry suggested a warning as an alternative to my original idea
 that such configurations be discouraged via a new parameter, his reasoning
 in comment:16 above.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16824#comment:43>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list