[tor-talk] UseEntryGuards: 0?

Syverson, Paul F CIV USN NRL (5543) Washington DC (USA) paul.syverson at nrl.navy.mil
Wed Aug 18 18:21:17 UTC 2021


On Wed, Aug 18, 2021 at 01:45:06PM -0400, Matt Traudt wrote:
> Disable the socks port and set two options:
> 
>     SocksPort 0
>     HiddenServiceSingleHopMode 1
>     HiddenServiceNonAnonymousMode 1
> 
> All onion services that this tor process operates will connect directly
> to introduction and rendezvous points. This lowers the hop count from 6
> to 3 and rivals/beats exit connections in terms of latency/bandwidth.
> 
> The location of the onion service is no longer protected, yet visitors
> of the onion service are no worse off than before.
> 

To be specific, no longer protected from an adversary running a Tor
relay who knows the onion address. This is not especially hard to
mount as an attack. Nonetheless, onion services, even with the
settings you describe, are location-protected for many realistic
adversaries, not to mention protected against many other kinds of
attacks. Perhaps just a quibble, but I always feel obligated to
emphasize that anonymity is not nearly so simple as a boolean choice
of configuration with such a name might seem to indicate---either for
single-onion services or for double-onion services.

Si Vales Valeo,
Paul

