[tor-relays] Combined relay and hidden service, good idea or not?
dw at thedave.ca
Mon Jan 8 19:25:06 UTC 2018
On 2018-01-08 03:21, Florentin Rochet wrote:
>> Perhaps in the case that the HS operator is not trying to mask the HS
>> location, the act of mixing public relay traffic can be nothing but a
>> *help* to defeat anyone trying to correlate traffic coming to the HS with
>> traffic emanating from any one client.
> Yes, if the HS operator does not want to mask the HS location, then it
> is all good. For that purpose, I agree that the warning message should
> be changed.
Indeed. I run some public resources (e.g. torproject.org mirror) on a
public URL with a .onion site as well. Nothing is intended to be hidden,
I simply want the content of anything I mirror to be available to Tor
users without relying on an exit.
After an "abuse" report warning me that my hidden site is "leaking" its
location, my root robots.txt and a separate README file now both display
the public and .onion addresses with a note that nothing is intended to
be hidden. (I also appreciate the individual who sent the warning!)
On the flip side, to a new/naive hidden service operator the warning
could be useful as it may not be immediately obvious to someone just
dipping their toes in Tor as to why and how this configuration might
reveal their hidden service's real physical location.
I avidly dislike warnings appearing in my logs that I intend to ignore,
I would prefer to see this be controlled by a preference in torrc,
either by an option to disable the warning, or better, require an
explicit switch to be set before tor will act as both a relay and a
hidden service. By making a "allow both HS and relay function" switch
that is disabled by default, we could place appropriate comments in the
default torrc file which explain the risks.
Whether any of this really matters in the real world, I don't know, but
getting the attention of an inexperienced operator before they make a
privacy-reducing mistake seems like A Good Thing.
More information about the tor-relays