[tor-relays] Using your own Relay as Entry Node (Yawning Angel)

Michael Armbruster tor at armbrust.me
Fri Apr 15 09:54:33 UTC 2016


On 15.04.16 at 11:46, fr33d0m4all wrote:
>> Date: Thu, 14 Apr 2016 22:24:30 +0000
>> From: Yawning Angel <yawning at schwanenlied.me>
>> To: tor-relays at lists.torproject.org
>> Subject: Re: [tor-relays] Using your own Relay as Entry Node
>> Message-ID: <20160414222430.78b9255e at schwanenlied.me>
>> Content-Type: text/plain; charset="us-ascii"
>>
>> On Thu, 14 Apr 2016 21:38:15 +0000
>> fr33d0m4all <fr33d0m4all at riseup.net> wrote:
>>> And about using it as a SOCKS proxy to enter the Tor network? Do the
>>> same considerations apply or is it even worse to use a relay as a
>>> SOCKS proxy?
>>
>> This is horrible and should *NEVER* be done, assuming any network not
>> physically controlled by you is between you and the SOCKS proxy
>> server[0], simply based on the request (and authentication if you
>> chose to use such things) being in the clear.
>>
>> Regards,
>>
>> -- 
>> Yawning Angel
>>
>> [0]: So, SOCKS over an internal network to a VM/magical anonymity box
>> may be ok (depending on your threat model).  SOCKS to a VPS somewhere
>> is essentially always a bad idea.
> 
> Hi Yawning,
> I perfectly understand your point... I'm using it as a SOCKS proxy only
> within my own LAN, which is only used by me. If I ever need to reach it
> from the outside I would do it by tunneling the SOCKS connection within
> an SSH connection to my LAN. But I'm far more interested in what you
> think about using your own Tor relay as Entry Node, which I think should
> decrease the risks because it is for sure a not-bad Entry Node.
> 
> What do you think about this point?
> 
> Thank you for the answers.
> 
>    Fr33d0m4All
> 

Hi Fr33d0m4All,

In my opinion, you could use your own Tor relay as an entry node,
although you should think about it this way, too: Browsing through the
Tor network usually establishes a route through 3 nodes from your side.
Always going through your own relay as an entry node means only two of
the three nodes are changing each time you establish a new route to a
server.

In my opinion, you are just moving the "trusted entry node" problem to a
"trusted middle node" problem, although traffic will be more obfuscated
for the middle node because other users could use it over your relay as
well.

If I am wrong with this opinion because it's not how the Tor network
works, somebody else is free to correct me.

In my opinion, I would try to get at least a small amount of really
trusted nodes you use as an entry. Nodes that YOU trust. Could be nodes
from people on this mailing list like my node if you trust me. If you
don't trust my node for example (e.g. you assume I am running a honeypot
or I run it for the CIA or NSA), then just don't put it on your list. If
you asked me, I would put 5-10 personally trusted entry nodes on the
list, including your own of course.

Best Regards,
Michael
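
Added example, not part of the original thread: the quoted point that a SOCKS request and its authentication are "in the clear" can be seen by decoding the client side of a SOCKS5 session using only the layouts in RFC 1928 and RFC 1929. The function names and the sample user, password and destination are constructed for illustration.

```python
import ipaddress
import struct

def client_stream(user: bytes, password: bytes, host: bytes, port: int) -> bytes:
    """Client-to-server bytes of one SOCKS5 session (RFC 1928 + RFC 1929)."""
    greeting = b"\x05\x01\x02"  # VER=5, one method offered: 0x02 username/password
    auth = b"\x01" + bytes([len(user)]) + user + bytes([len(password)]) + password
    request = b"\x05\x01\x00\x03" + bytes([len(host)]) + host + struct.pack(">H", port)
    return greeting + auth + request

def visible_on_wire(stream: bytes) -> dict:
    """Decode the stream using only the public RFC layouts; no key is involved."""
    if len(stream) < 3 or stream[0] != 5:
        raise ValueError("not a SOCKS5 greeting")
    methods = stream[2:2 + stream[1]]
    pos, seen = 2 + stream[1], {}
    if methods == b"\x02":  # assumption: server accepts the only method offered
        ulen = stream[pos + 1]
        seen["username"] = stream[pos + 2:pos + 2 + ulen].decode()
        pos += 2 + ulen
        plen = stream[pos]
        seen["password"] = stream[pos + 1:pos + 1 + plen].decode()
        pos += 1 + plen
    cmd, atyp = stream[pos + 1], stream[pos + 3]
    pos += 4
    if atyp == 3:  # domain name, length-prefixed
        alen = stream[pos]
        seen["destination"] = stream[pos + 1:pos + 1 + alen].decode()
        pos += 1 + alen
    elif atyp in (1, 4):  # raw IPv4 / IPv6 address
        alen = 4 if atyp == 1 else 16
        seen["destination"] = str(ipaddress.ip_address(stream[pos:pos + alen]))
        pos += alen
    else:
        raise ValueError("unknown address type")
    seen["port"] = struct.unpack(">H", stream[pos:pos + 2])[0]
    seen["command"] = {1: "CONNECT", 2: "BIND", 3: "UDP ASSOCIATE"}.get(cmd, "?")
    return seen

# Constructed sample values, not taken from the thread.
SAMPLE = client_stream(b"alice", b"hunter2", b"example.org", 443)

if __name__ == "__main__":
    print(visible_on_wire(SAMPLE))
```

Carrying the SOCKS connection inside SSH, as the quoted message describes, places these bytes inside an encrypted channel.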
