On Fri, January 5, 2018 12:31 pm, Roger Dingledine wrote:
> On Fri, Jan 05, 2018 at 03:08:48AM -0000, [email protected] wrote:
>> Second, I had read in the past opinions stating:
>>
>> When operating a hidden service, running a relay helps mix traffic so
>> that anyone observing traffic from the machine cannot easily run an
>> analysis targeted at a hidden service that might exist on that machine.
>>
>> The text of the startup warning seems to contradict that belief. Is
>> there more to know, or is the warning only applicable to the now-closed
>> information leak?
>>
>> Can someone kindly clarify the current best practice in this regard and
>> address whether or not that warning should be removed from tor's startup
>> diagnostics?
>
> I believe it is riskier to run an onion service on a public relay if you
> want to keep the onion service's location hidden. The original reason for
> this recommendation was because it's easier to induce load on the relay,
> and then look for corresponding congestion at the onion service.
>
> This congestion "guess and check" concern is similar to the concern
> around running your local Tor client as a bridge. You can read more here:
> https://blog.torproject.org/risks-serving-whenever-you-surf
> https://www.freehaven.net/anonbib/#wpes09-bridge-attack

Ah, makes perfect sense. Thanks for the links.

I'd strongly recommend changing the tor startup warning; remove the link
to that closed issue and leave without further qualification OR include
the links you've provided. Having a closed issue linked to the warning can
lead one to believe the warning no longer applies.

Do you have thoughts on a scenario when the HS operator is not concerned
with hiding the HS location? -- Can operating a relay and HS together help
enhance client anonymity, make end-to-end correlation more difficult in
that case?

_______________________________________________
tor-relays mailing list
[email protected]
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
