[tor-relays] do not run Tor client and OR relay together!

ncl at cock.li ncl at cock.li
Sun Aug 16 22:17:24 UTC 2015

Running a relay and hidden service should also should be considered, as
deanonymizing an HS by correlation to another relay seems more dangerous
than unmasking a client+relay.

As far as I know, tor only does anything about the former if accounting
is also enabled, which will give the following warning in its log:

Using accounting with a hidden service and an ORPort is risky: your
hidden service(s) and your public address will all turn off at the same
time, which may alert observers that they are being run by the same party.

Perhaps tor should detect any potentially conflicting setups, print an
error and refuse to run? (Maybe have an override option?) It seems like
something to at least give warnings on.

On having separate packages, that could be a bit of a convenience, but
would probably be more of a thing to ask various distro package maintainers.

starlight.2015q3 at binnacle.cx:
> I think separate packages are good idea
> --is about making it easier for regular
> users to configure Tor with less pain.
> 'openssh' provides a good example,
> as it come with three component
> packages:
> openssh (core files)
> openssh-client
> openssh-server
> so one would have
> tor-core
> tor-client
> tor-server
> where the client and server packages
> would configure separate run-time directories,
> 'torrc's and boot-system start/stop scripts
> for the respective instances.  The 'tor'
> binary would appear in the tor-core component.
> I am confident of the analysis regarding
> how easy it is to isolate client circuit
> establishment cells from other relay traffic.
> Is rather obvious--just look at the debug
> trace 'channel_write_packed_cell' lines
> associated with circuit establishment
> and how they stand-out temporally
> from the relay channel_write_packed_cell()
> lines.  Unfortunately the log-to-file
> feature does not include fractional
> seconds, but it's glaring even with
> whole-second resolution.
> At 23:47 8/16/2015 +0300, you wrote:
>> Hi,
>> Shipping tor-client and tor-relay as separate
>> packages is the worst thing we could do, since
>> it's the same thing with just one config line more
>> or less. It will mess things up terribly.
>> We don't know that just yet, we are getting to
>> fast from one thing to another - wait until proper
>> review over that ticket and we'll see what needs
>> to be done / if something needs to be done.
>> On 8/16/2015 8:50 PM, Ana Lucia Cortez wrote:
>>> On 16.08.2015 at 17:36, starlight.2015q3 at binnacle.cx wrote:
>>>> Anyone who has configured a Tor SOCKS5
>>>> client to run in a 'tor' instance that also
>>>> operates as an OR relay should isolate the
>>>> client to a separate client-only process.
>>>> The client function disturbs relay traffic
>>>> forwarding in a manner that lends itself to
>>>> confirmation analysis.
>>>> See bug 16585, particularly comment 5 and onward:
>> https://trac.torproject.org/projects/tor/ticket/16585#comment:5
>>>> Perhaps read comment 10 first.
>>> It would be nice to have both installed as services by the 
>> deb-package
>>> or two different deb-packages for tor-client and tor-relay.
>>> Apart from the fact that they run the
>>> same binary they are quite different
>>> to configure and setup.
>>> Maybe that would help to make it easier
>>> to run relays and hidden services on
>>> the same machine.

More information about the tor-relays mailing list