Re: [tor-dev] Tor Relays on Whonix Gateway
On 2016-10-17 03:04, teor wrote: On 7 Oct 2016, at 08:11, ban...@openmailbox.org wrote: Should Whonix document/encourage end users to turn clients into relays on their machines? Probably not: * it increases the attack surface, * it makes their IP address public, * the relays would be of variable quality. Why not encourage them to run bridge relays instead, if their connection is fast enough? Good idea. We are waiting for snowflake bridge transport to be ready and we plan to enable it by default on Whonix Gateway. Its optimal because no port forwarding is needed or changes to firewall settings (because VMs connect from behind virtual NATs). T -- Tim Wilson-Brown (teor) teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmpp: teor at torproject dot org -- ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] Tor Relays on Whonix Gateway
> On 7 Oct 2016, at 08:11, ban...@openmailbox.org wrote: > > Should Whonix document/encourage end users to turn clients into relays on > their machines? Probably not: * it increases the attack surface, * it makes their IP address public, * the relays would be of variable quality. Why not encourage them to run bridge relays instead, if their connection is fast enough? T -- Tim Wilson-Brown (teor) teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmpp: teor at torproject dot org -- signature.asc Description: Message signed with OpenPGP using GPGMail ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] Proposal 273: Exit relay pinning for web services
teor wrote: > >> On 7 Oct 2016, at 00:22, s7rwrote: >> >> I don't care about location anonymity because my >> website is clearnet public anyway and I want my website to handle many >> Tor users, just setup a bridge Tor instance on localhost (127.0.0.1) not >> published to the bridge authority, point the second Tor instance to use >> bridge 127.0.0.1:port and single hop hidden services. > > I don't understand why you have an extra bridge relay here. > Can't you just use HiddenServicePort 80 ? > Sorry - my bad, I thought of OnionBalance in general setups first (and that the bottleneck becomes the guard that also handles other clients) and mixed up in my mind different setup scenarios. HiddenServiceSingleHopMode 1 ensures that the hidden service server connects to the introduction points and rendezvous points directly, without going through a Guard, so there's no bottleneck here, case in which there's no need for an extra bridge relay. signature.asc Description: OpenPGP digital signature ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev