[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Combined relay and hidden service, good idea or not?

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] Combined relay and hidden service, good idea or not?
From: Florentin Rochet <florentin.rochet@xxxxxxxxxxxx>
Date: Fri, 5 Jan 2018 09:23:53 +0100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 05 Jan 2018 03:24:17 -0500
Dkim-filter: OpenDKIM Filter v2.9.2 smtp2.sgsi.ucl.ac.be 9280B67E020
Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=uclouvain.be; s=selucl; t=1515140633; bh=EagBfZs6sYxJoMrBao5faLj2TG2PZn4vdkDR7wVupQg=; h=Subject:To:References:From:Date:In-Reply-To; b=lPEkF+ICVQL6YvkxRlkhWvsS0VwY5/IbfxkvjOf6bfCUusZjIoqFqVRSD2TEb2UlV LTzH5bsP9CK9ixICcyjSxL6eQDCaS/lQAUs+P5MnWBQzOFZEeofrnxfneev95GNkZh M/urvkONxex8MFEUWJJWxiIrNLjICThGqZB0C4AA=
In-reply-to: <513c289257afb52f0b973b4551405c0ec91a.alpine@mantablue.com>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <513c289257afb52f0b973b4551405c0ec91a.alpine@mantablue.com>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.3.0

Hey,

On 2018-01-05 04:08, tortilla@xxxxxxxxxxxxx wrote:

When operating a hidden service and a relay in one tor instance, tor
currently warns:

[warn] Tor is currently configured as a relay and a hidden service. That's
not very secure: you should probably run your hidden service in a separate
Tor process, at least -- see https://trac.torproject.org/8742

First, that issue has been fixed and closed.

The issue is fixed by adding the above warning message: if you careabout your hidden service's "hidden" property, do not run a relay on thesame process.


Second, I had read in the past opinions stating:

When operating a hidden service, running a relay helps mix traffic so that
anyone observing traffic from the machine cannot easily run an analysis
targeted at a hidden service that might exist on that machine.

The part "cannot easily run an analysis targeted at a hidden service"looks just wrong to me. If you want an example of an active attackerable to easily uncover such a hidden service (when mixed with a relay),you can give a look at our paper "Dropping on the Edge: Flexibility andTraffic Confirmation in Onion Routing Protocols" [1] (to appear inPoPETs18). The techniques presented are not applied on that particularsetup, but this is somewhat trivial to do.


Best,
Florentin

[1] https://uclouvain.be/crypto/people/show/462
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] Combined relay and hidden service, good idea or not?
  - From: Tortilla

References:
- [tor-relays] Combined relay and hidden service, good idea or not?
  - From: tortilla

Prev by Author: Re: [tor-relays] Increased cpu usage
Next by Author: [tor-relays] When is 0.3.2.9 available to download?
Previous by thread: Re: [tor-relays] Combined relay and hidden service, good idea or not?
Next by thread: Re: [tor-relays] Combined relay and hidden service, good idea or not?
Index(es):
- Author
- Thread