Opened 8 years ago

Closed 8 years ago

Last modified 8 years ago

#6888 closed enhancement (fixed)

Disable guard nodes with Tor2web mode

Reported by: nickm Owned by:
Priority: Medium Milestone: Tor: 0.2.4.x-final
Component: Core Tor/Tor Version:
Severity: Keywords: tor-hs
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


On #6866, rransom says:

Perhaps [Tor2web mode] should prevent users from operating hidden services, and turn off UseEntryGuards (as I understand it, this would disable the path-bias detection code). They're not getting anonymity anyway.

I think this is right. Guard nodes exist to prevent profiling attacks, and tor2web instances are not concerned about those.

Mike Perry has a patch as part of one of his #6866 branches. I'm giving this its own ticket number, though, so there can be some record of where we talked about this.

Child Tickets

Change History (7)

comment:1 Changed 8 years ago by nickm

Resolution: fixed
Status: newclosed

Merged mike's code

comment:2 Changed 8 years ago by rransom

Resolution: fixed
Status: closedreopened

The comment Mike added explaining why tor2web mode disables UseEntryGuards is bogus.

  • A tor2web-mode client does not build (client-side) introduction circuits to its entry guards -- introduction points are chosen by the hidden service, and tor2web mode connects to them directly when possible.
  • tor2web-mode clients are expected to have no privacy. The only reason they do not act as relays and use themselves as rendezvous points is that that would have been too hard to implement. Worrying about a client being fingerprinted as using tor2web mode is totally silly.

See my bug6888b branch for a comment-fix patch.

comment:3 Changed 8 years ago by rransom

Status: reopenedneeds_review

comment:4 Changed 8 years ago by nickm


comment:5 Changed 8 years ago by nickm

Resolution: fixed
Status: needs_reviewclosed

comment:6 Changed 8 years ago by nickm

Keywords: tor-hs added

comment:7 Changed 8 years ago by nickm

Component: Tor Hidden ServicesTor
Note: See TracTickets for help on using tickets.