[tor-relays] [tor-dev] Hidden service policies

Scott Bennett bennett at sdf.org
Tue Jul 22 01:06:41 UTC 2014

Thomas White <thomaswhite at riseup.net> wrote:

> > Sorry, wrong answer.  If you block connections from other relays, 
> > you break the tor network.  I don't recall offhand whether that
> > sort of breakage might earn your relay either an Invalid flag or
> > being simply dropped from the consensus.
> For a single relay to my knowledge, it shouldn't do. There are many
> reasons some relays can't connect to each other so it doesn't "break"
> Tor as an alternative route is simply found.
     Yes, tor, like many other Internet operations, has some ability to
route around breakage in its network.  However, each time it is necessary
to find a way around it, a cost to the network is incurred in the form
of wasted processing time over many pieces of equipment, wasted traffic,
and likely wasted end-user time.
> > Are you suggesting that the mobbing attacks on HSDIR relays are the
> > actions of botnets?  If so, then you are suggesting that the
> > problem of mobbing of HSDIR relays is probably insoluble because it
> > would not be the symptom of a bug in tor. :-(
> The question is botnet CnC's, the proposal has nothing to do with
> solving the botnet CnC problem and I am also stating Tor is not the
> one who needs to tackle them right at this moment, the budget and
> resources are just not there. However creating a system where
> operators start blacklisting hidden services is extremely bad for
> anonymity both for the hidden service and the user.
     Also agreed.
     I was referring to the as yet unsolved problem of HSDIR mobbing,
which I have long thought was due to a bug somewhere in tor, just as
there used to be a problem with DirPort mobbing.  The DirPort mobbing
bug was eventually found and fixed a long time ago, but the HSDIR
mobbing still hasn't been.  But now you have given me the idea that
perhaps HSDIR mobbing is actually due to other software applying a
malicious attack upon tor relays that have the HSDIR flag.  IOW, I
wasn't arguing with you, just commenting about this other problem in
light of what you had written.

> To answer the rest of your question, I am not a developer. I am
> somebody who cares about anonymity and that is why I run the 2nd
> largest server cluster on the Tor network from my own pocket.
> Filtering or proposing to blacklist anything is not acceptable in my
> view. Whatever solutions individuals care to launch to protect their
> relay is their own responsibility, but actively developing something
> by the core developers to blacklist hidden service is a completely
> despicable idea. To elaborate only on the legal side of things, if I
> can easily block hidden services passing through my relays or if I am
> the RV point for one the government can then serve me a notice

     AFAICT, the introduction point and the rendez-vous point are about
the only places you might be able to block them, though by doing so, you
would again be introducing a form of breakage.  If your relay were at
any other points in the hidden service protocol, you wouldn't have any
way of distinguishing it from any other middle node along a tor circuit.
But I would need to reread the protocol specification in detail again
to see whether you could actually deny service even at the invitation and
rendez-vous points.

> ordering me to block it, this I have already run through my solicitor
> and there is no escaping that fact unfortunately.
> Also note, botnets in this sense are not the topic. The proposal is an
> easy mechanism to censor hidden services and let it not be portrayed
> as anything other than that. I can see why 90% of people opposed his
> "coin taint" idea and 75% wanted him to leave the bitcoin foundation.
> If Tor did introduce such measures, I would be swiftly leaving Tor's
> ranks and withdrawing all support (both all 25 relays/exits/guards,
> and financial) from it.
> So to state clearly:
> Should Tor Project develop a system to filter hidden services?
> I'll let people decide that for themselves. But my opinion is that
> doing so defies the point of a hidden service and people who push for
> it should be ashamed of themselves.
     Also fully agreed.  To develop such a system would require weakening
or breaking the current level of protection offered to users, as well as
being a special gift to the NSA and its peers in other countries.

                                  Scott Bennett, Comm. ASMELG, CFIAG
* Internet:   bennett at sdf.org   *or*   bennett at freeshell.org   *
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
