[tor-relays] Combined relay and hidden service, good idea or not?

Tortilla tortilla at mantablue.com
Fri Jan 5 21:10:18 UTC 2018

On Fri, January 5, 2018 12:31 pm, Roger Dingledine wrote:
> On Fri, Jan 05, 2018 at 03:08:48AM -0000, tortilla at mantablue.com wrote:
>> Second, I had read in the past opinions stating:
>> When operating a hidden service, running a relay helps mix traffic so
>> that
>> anyone observing traffic from the machine cannot easily run an analysis
>> targeted at a hidden service that might exist on that machine.
>> The text of the startup warning seems to contradict that belief.  Is
>> there
>> more to know, or is the warning only applicable to the now-closed
>> information leak?
>> Can someone kindly clarify the current best practice in this regard and
>> address whether or not that warning should be removed from tor's startup
>> diagnostics?
> I believe it is riskier to run an onion service on a public relay if you
> want to keep the onion service's location hidden. The original reason for
> this recommendation was because it's easier to induce load on the relay,
> and then look for corresponding congestion at the onion service.
> This congestion "guess and check" concern is similar to the concern
> around running your local Tor client as a bridge. You can read more here:
> https://blog.torproject.org/risks-serving-whenever-you-surf
> https://www.freehaven.net/anonbib/#wpes09-bridge-attack

Ah, makes perfect sense.  Thanks for the links.  I'd strongly recommend
changing the tor startup warning; remove the link to that closed issue and
leave without further qualification OR include the links you've provided. 
Having a closed issue linked to the warning can lead one to believe the
warning no longer applies.

Do you have thoughts on a scenario when the HS operator is not concerned
with hiding the HS location? -- Can operating a relay and HS together help
enhance client anonymity, make end-to-end correlation more difficult in
that case?

More information about the tor-relays mailing list