[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Combined relay and hidden service, good idea or not?



Hey,

On 2018-01-05 04:08, tortilla@xxxxxxxxxxxxx wrote:

When operating a hidden service and a relay in one tor instance, tor
currently warns:

[warn] Tor is currently configured as a relay and a hidden service. That's
not very secure: you should probably run your hidden service in a separate
Tor process, at least -- see https://trac.torproject.org/8742

First, that issue has been fixed and closed.

The issue is fixed by adding the above warning message: if you care about your hidden service's "hidden" property, do not run a relay on the same process.


Second, I had read in the past opinions stating:

When operating a hidden service, running a relay helps mix traffic so that
anyone observing traffic from the machine cannot easily run an analysis
targeted at a hidden service that might exist on that machine.

The part "cannot easily run an analysis targeted at a hidden service" looks just wrong to me. If you want an example of an active attacker able to easily uncover such a hidden service (when mixed with a relay), you can give a look at our paper "Dropping on the Edge: Flexibility and Traffic Confirmation in Onion Routing Protocols" [1] (to appear in PoPETs18). The techniques presented are not applied on that particular setup, but this is somewhat trivial to do.

Best,
Florentin

[1] https://uclouvain.be/crypto/people/show/462
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays