[tor-talk] UseEntryGuards: 0?

Fran fatal at mailbox.org
Sun Aug 15 14:22:53 UTC 2021


I run some onion v3 services, some are also available in the "clear net", some
only as onion services. I monitor[1] reachability of the onion services which results
in quite some false positives, although I configured alertmanager to alert after > 1 hour (!)
of failed connection attempts. I'd like to reduce these false positives and thought
of using "UseEntryGuards: 0" to have circuits rebuilt more often.
I'd only do this for the onion services which are also reachable in the non-tor internet
and therefore their IP addresses are known anyway.
I'd not do this for the onion-only services following the implications of
https://freehaven.net/anonbib/#hs-attack06 .

Do you think this is a viable approach security/privacy-wise or am I missing something?
Any other suggestions?


[1] https://github.com/systemli/prometheus-onion-service-exporter

