[tor-talk] UseEntryGuards: 0?
Fran
fatal at mailbox.org
Sun Aug 15 14:22:53 UTC 2021
Hey,
I run some onion v3 services, some are also available in the "clear net", some
only as onion services. I monitor[1] reachability of the onion services which results
in quite some false positives, although I configured alertmanager to alert after > 1 hour (!)
of failed connection attempts. I'd like to reduce these false positives and thought
of using "UseEntryGuards: 0" to have circuits been rebuild more often.
I'd only do this for the onion services which are also reachable in the non-tor internet
and therefore their IP adresses are known anyway.
I'd not do this for the onion-only services following the implications of
https://freehaven.net/anonbib/#hs-attack06 .
Do you think this is a viable approach security/privacy wise or am I missing something?
Any other suggestions?
Thanks,
f.
[1] https://github.com/systemli/prometheus-onion-service-exporter
More information about the tor-talk
mailing list