[tor-talk] UseEntryGuards: 0?

Syverson, Paul F CIV USN NRL (5543) Washington DC (USA) paul.syverson at nrl.navy.mil
Wed Aug 18 18:21:17 UTC 2021

On Wed, Aug 18, 2021 at 01:45:06PM -0400, Matt Traudt wrote:
> Disable the socks port and set two options:
>     SocksPort 0
>     HiddenServiceSingleHopMode 1
>     HiddenServiceNonAnonymousMode 1
> All onion services that this tor process operates will connect directly
> to introduction and rendezvous points. This lowers the hop count from 6
> to 3 and rivals/beats exit connections in terms of latency/bandwidth.
> The location of the onion service is no longer protected, yet visitors
> of the onion service are no worse off than before.

To be specific, no longer protected from an adversary running a Tor
relay who knows the onion address. This is not especially hard to
mount as an attack. Nonetheless, onion services, even with the
settings you describe, are location-protected for many realistic
adversaries, not to mention protected against many other kinds of
attacks. Perhaps just a quibble, but I always feel obligated to
emphasize that anonymity is not nearly so simple as a boolean choice
of configuration with such a name might seem to indicate---either for
single-onion services or for double-onion services.

Si Vales Valeo,

More information about the tor-talk mailing list