[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] UseEntryGuards: 0?



On Wed, Aug 18, 2021 at 01:45:06PM -0400, Matt Traudt wrote:
> Disable the socks port and set two options:
> 
>     SocksPort 0
>     HiddenServiceSingleHopMode 1
>     HiddenServiceNonAnonymousMode 1
> 
> All onion services that this tor process operates will connect directly
> to introduction and rendezvous points. This lowers the hop count from 6
> to 3 and rivals/beats exit connections in terms of latency/bandwidth.
> 
> The location of the onion service is no longer protected, yet visitors
> of the onion service are no worse off than before.
> 

To be specific, no longer protected from an adversary running a Tor
relay who knows the onion address. This is not especially hard to
mount as an attack. Nonetheless, onion services, even with the
settings you describe, are location-protected for many realistic
adversaries, not to mention protected against many other kinds of
attacks. Perhaps just a quibble, but I always feel obligated to
emphasize that anonymity is not nearly so simple as a boolean choice
of configuration with such a name might seem to indicate---either for
single-onion services or for double-onion services.

Si Vales Valeo,
Paul
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk