[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: invitation to directory server operators

Added this to my high bandwidth node - I would've done so far sooner if I had known it wasn't default behavior. I'd say this should be enabled by default or at least get a line in the example torrc so people know it exists.

- John Brooks

On Thu, Sep 11, 2008 at 7:17 AM, Scott Bennett <bennett@xxxxxxxxxx> wrote:
To all tor server operators (except those who run hidden service directory
servers already):

    The torstatus page as of a few minutes ago says that there are currently
1292 tor servers, of which 596 are also v2 directory servers (46.13%).  If a
few directory servers comes on line or goes down, it's not likely to make much
difference to the tor network as a whole.  However, only 10 of those directory
servers are also hidden service directory (HSDir) servers (0.77% of total tor
servers).  Fortunately, the hidden services subsystem traffic is still
relatively low, so the load on hidden service directory servers is also still
    The problem here is one of reliability.  In the weeks since I began
paying attention, I have seen the count of hidden service directory servers
range from as high as 13 to as low as 6 or 7.  With only these few servers
involved, it would not be too difficult for hidden services to be shut down,
either by computer or network failures or by an attacker with large resources.
More people running hidden services directory servers would strengthen the
reliability of the hidden services feature of tor.
    For a long time, I was unaware that basic directory servers did not
automatically provide hidden services directories, too, but rather the hidden
service directory service was an optional service that could be provided at
the directory server operator's discretion.  Then it took a short time to
track down the means of activating hidden services directory service, which
turned out to be very easy, of course.
    Anyway, for those directory server operators who are willing to add
hidden services directory service to their ordinary tor directory server's
offerings, here's how to do it.  Note that your server must be configured
as a directory server.  Just add the following lines to your server's torrc

## The following line enables hidden service directory mirroring.
HidServDirectoryV2 1

(Or skip the comment line, and just add the second line, as you please.)
Then tell your tor server to reload its torrc file.  Within 24 - 25 hours
your server will begin operating as a tor hidden services directory server.
You probably won't even notice the difference in traffic loads on your tor
    There is already a proposal in the works to make hidden services
directory service the default for directory servers, which would probably
radically increase the number of HSDir servers, providing a solution to the
current vulnerability.  Maybe you can help render that change unnecessary,
freeing up some time for the developers to do other things.  I propose an
initial goal of raising that (frequently fluctuating) 0.77% to around 10%.
How about it, folks?

                                 Scott Bennett, Comm. ASMELG, CFIAG
* Internet:       bennett at cs.niu.edu                              *
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *