[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Configuring Single Onion Services

For whatever it's worth I never found the compile-time option for tor2web mode to be offensive.

I remember Roger's original rebuttal against tor2web mode was, "Virgil, I'm not going to make a 'Make Tor Go Faster Button' to be pressed by peopleÂwho don't know what they are doing."

I always thought the compile-time-flag or text warning was a good compromise.

-V

On Friday, 8 April 2016, George Kadianakis <desnacked@xxxxxxxxxx> wrote:
Tim Wilson-Brown - teor <teor2345@xxxxxxxxx> writes:

> [ text/plain ]
> Hi All,
>
> I'm working on proposal 260's Rendezvous Single Onion Services in #17178.
>
> They are faster, because they have one hop between the service and the introduction and rendezvous points.
> But this means that their location is easy to discover (non-anonymous).
> So we want to come up with a design that makes it hard to configure a non-anonymous service by accident.
>
> Here's a cut-down version of an email I sent to tor-onions for feedback, for those who are on both lists:
>
> Nick's concern was that users could configure Single Onion Services without realising that it provides no server location anonymity.
> I initially thought we could change the torrc option name to make this clear. ...
> I now believe that trying to overload the name of a feature with warnings about its downsides was a mistake. â
>
> This would mean that Single Onion Service operators would include in their torrc:
>
> SingleOnionMode 1
> HiddenServiceDir â
> ...
>
> As a separate issue, I think there are two alternative designs that can prevent users from configuring the feature and then exposing their location unintentionally:
>
> Tor2WebMode requires users to add a compilation option: --enable-tor2web-mode
> We could do this with Single Onion Services as well: --enable-single-onion-mode
> If SingleOnionMode is configured without the compilation option, tor warns the user and refuses to start.
> When it is configured, tor warns the user they're non-anonymous, then starts.
> However, using a compilation option makes the feature harder to test.
> And Tor2Web operators already don't like having to compile separate binaries.
> It's likely Single Onion operators would feel similarly.
>
> Alternately, we could add a torrc option: NonAnonymousMode
> If SingleOnionMode is configured without NonAnonymousMode, tor warns the user and refuses to start.
> When it is configured, tor warns the user they're non-anonymous, then starts.
>
> I spoke with Nick on IRC and he's happy with either of these options.
>
> I'd like to proceed with the NonAnonymousMode torrc option, unless there are compelling reasons against that design.
> I hope that this will allow us to get SingleOnionMode merged early in tor 0.2.9.
>

I think I like this approach more than complicating the torrc option name!

Coming up with a warning message for people who forget to enable
NonAnonymousMode seems easier than trying to fit that warning message in a
torrc option name.

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev