Re: [tor-dev] Tor Relays on Whonix Gateway

2016-10-16 Thread bancfc

On 2016-10-17 03:04, teor wrote:
>> On 7 Oct 2016, at 08:11, ban...@openmailbox.org wrote:
>>
>> Should Whonix document/encourage end users to turn clients into relays
>> on their machines?
>
> Probably not:
> * it increases the attack surface,
> * it makes their IP address public,
> * the relays would be of variable quality.
>
> Why not encourage them to run bridge relays instead, if their
> connection is fast enough?

Good idea. We are waiting for snowflake bridge transport to be ready and 
we plan to enable it by default on Whonix Gateway. It's optimal because 
no port forwarding is needed or changes to firewall settings (because 
VMs connect from behind virtual NATs).

> T
>
> --
> Tim Wilson-Brown (teor)
>
> teor2345 at gmail dot com
> PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
> ricochet:ekmygaiu4rzgsk6n
> xmpp: teor at torproject dot org
> --

___
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev




Re: [tor-dev] Tor Relays on Whonix Gateway

2016-10-16 Thread teor

> On 7 Oct 2016, at 08:11, ban...@openmailbox.org wrote:
> 
> Should Whonix document/encourage end users to turn clients into relays on 
> their machines?

Probably not:
* it increases the attack surface,
* it makes their IP address public,
* the relays would be of variable quality.

Why not encourage them to run bridge relays instead, if their connection is
fast enough?

T

--
Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org
--


Re: [tor-dev] Proposal 273: Exit relay pinning for web services

2016-10-16 Thread s7r

teor wrote:
> 
>> On 7 Oct 2016, at 00:22, s7r  wrote:
>>
>> I don't care about location anonymity because my
>> website is clearnet public anyway and I want my website to handle many
>> Tor users, just setup a bridge Tor instance on localhost (127.0.0.1) not
>> published to the bridge authority, point the second Tor instance to use
>> bridge 127.0.0.1:port and single hop hidden services.
> 
> I don't understand why you have an extra bridge relay here.
> Can't you just use HiddenServicePort 80 ?
> 

Sorry - my bad, I thought of OnionBalance in general setups first (and
that the bottleneck becomes the guard that also handles other clients)
and mixed up in my mind different setup scenarios.

HiddenServiceSingleHopMode 1 ensures that the hidden service server
connects to the introduction points and rendezvous points directly,
without going through a Guard, so there's no bottleneck here, case in
which there's no need for an extra bridge relay.


