[tor-relays] Combined relay and hidden service, good idea or not?

Dave Warren dw at thedave.ca
Mon Jan 8 22:59:25 UTC 2018 

On 2018-01-08 14:09, Tortilla wrote:
> 
> On Mon, January 8, 2018 11:25 am, Dave Warren wrote:
>> On 2018-01-08 03:21, Florentin Rochet wrote:
>>>> Perhaps in the case that the HS operator is not trying to mask the HS
>>>> location, the act of mixing public relay traffic can be nothing but a
>>>> *help* to defeat anyone trying to correlate traffic coming to the HS
>>>> with
>>>> traffic emanating from any one client.
>>>
>>> Yes, if the HS operator does not want to mask the HS location, then it
>>> is all good. For that purpose, I agree that the warning message should
>>> be changed.
>>
>> Indeed. I run some public resources (e.g. torproject.org mirror) on a
>> public URL with a .onion site as well. Nothing is intended to be hidden,
>> I simply want the content of anything I mirror to be available to Tor
>> users without relying on an exit.
>>
>> After an "abuse" report warning me that my hidden site is "leaking" its
>> location, my root robots.txt and a separate README file now both display
>> the public and .onion addresses with a note that nothing is intended to
>> be hidden. (I also appreciate the individual who sent the warning!)
>>
>> On the flip side, to a new/naive hidden service operator the warning
>> could be useful as it may not be immediately obvious to someone just
>> dipping their toes in Tor as to why and how this configuration might
>> reveal their hidden service's real physical location.
> 
> Certainly!  I'm not new to Tor/HS and still got tripped up by this,
> especially seeing the issue as having been closed, not having realized it
> has not in fact been "fixed" and the only thing done was to add a startup
> warning.  The issue really should be re-opened.  It's not unreasonable to
> conclude that if the issue linked in the warning is closed that the
> warning is obsolete.

I think the issue itself should be listed as WONTFIX, as this is simply 
a reality of how the internet works. Even if Tor didn't supply any relay 
statistics, a curious and enterprising individual could "explore" by 
seeing what happens to a particular onion when one launches a DoS attack 
against an external IP that one believes might be connected to the 
.onion service.

Notifying the administrator is sufficient, but I don't think an 
otherwise harmless log WARNING is sufficient to know that the 
administrator has been notified. Given that an administrator may not 
even review the logs if everything is functioning the way they expect, I 
would like to see something that forces the administrator to make a 
conscious choice.

More information about the tor-relays mailing list