[tor-dev] non-anonymous ephemeral onion services with stem

[teor]

> On 24 Jan 2017, at 14:01, teor <teor2345 at gmail.com> wrote:
> 
> 
>> On 10 Jan 2017, at 09:17, teor <teor2345 at gmail.com> wrote:
>> 
>>> For example, maybe I want to use OnionShare to send my friend a 2GB
>>> video clip, but anonymity doesn't matter to me. My friend and I already
>>> know who each other are, and I'm not concerned about leaking what we're
>>> doing, I just don't want to leak the plaintext video footage. In this
>>> case, I might want to use a non-anonymous onion service just to make the
>>> file transfer faster.
>> 
>> Ok, so you trust your friend with your IP and onion address in this use
>> case.
>> 
>> But do you also trust the entire Tor network?
> 
> I opened a ticket for the OnionShare single onion service use case:
> https://trac.torproject.org/projects/tor/ticket/21295
> 
> We'll see what we can do, and try to work out the anonymity implications
> of leaking your IP address to the intro and rendezvous points.

I closed this ticket as "wontfix" with the following comment:

I just don't think this is safe, particularly as part of Tor's current
design.

We are adding vanguards to make onion services harder to discover.
And we want to reject connections to HSDir, intro, and rendezvous points
where there is a client directly connected on both sides.

If someone does want to give up their anonymity, they should run another
tor instance, or restart their current instance in non-anonymous mode.
Or we should develop a feature where controllers can set custom onion
service paths.

T

--
Tim / teor

PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
------------------------------------------------------------------------

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20180130/4b11d0d1/attachment.sig>