[tor-project] Launching Ethics Guidelines

Virgil Griffith i at virgil.gr
Thu May 12 09:17:49 UTC 2016

On Thu, May 12, 2016 at 9:26 AM, Roger Dingledine <arma at mit.edu> wrote:
> It puts the relays at new risk. Right now breaking into a rendezvous point
> is not useful for linking users to the onion services they visit. If both
> sides are using short circuits, then the rendezvous point is acting as a
> single-hop proxy. And if we have a design where _sometimes_ the rendezvous
> point knows both sides, then it becomes a smart strategy to attack it,
> just in case this is one of those times.

Okay, That makes a lot of sense.  Okay yes I support that.  If a lot
of users were using Tor2web and a lot of websites were on single-onion
services, I totally understand how that makes the middle nodes juicier
targets for intrusion.  And we'd like to minimize their juiciness.  So
we need a way for (a) a tor2web user to detect if a domain is a
single-onion service or (b) a single-onion service to detect whether
someone is a tor2web user, and then put another hop in the middle.

I don't know of any way to detect (a).  Maybe someone can enlighten
me.  For (b), tor2web requests always have a "x-tor2web: true" request
header.  So the single-onion service could detect that.  It's possible
that someone will modify their tor2web install to not have that
header, but it seems sensible simply to forbid that behavior as
"damaging Tor operators".


More information about the tor-project mailing list