[tor-bugs] #21284 [Core Tor/Tor]: Add torrc option for non-anonymous SocksPort

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Jan 24 00:37:14 UTC 2017


#21284: Add torrc option for non-anonymous SocksPort
--------------------------------------------+------------------------------
 Reporter:  teor                            |          Owner:
     Type:  enhancement                     |         Status:  new
 Priority:  Very Low                        |      Milestone:  Tor: very
                                            |  long term
Component:  Core Tor/Tor                    |        Version:
 Severity:  Normal                          |     Resolution:
 Keywords:  tor-hs, single-onion, wontfix?  |  Actual Points:
Parent ID:                                  |         Points:  1
 Reviewer:                                  |        Sponsor:
--------------------------------------------+------------------------------
Changes (by teor):

 * priority:  Medium => Very Low
 * keywords:  tor-hs, single-onion => tor-hs, single-onion, wontfix?
 * milestone:  Tor: unspecified => Tor: very long term


Comment:

 Replying to [comment:3 s7r]:
 > I fully agree with asn - a lot of complications for a very weird and
 > rare use case.
 >
 > Wonder why would someone really want this... This is kind of like
 > wanting to take a shower without getting wet. While there are obvious,
 > plenty, demanded use cases for RSOS (very happy to have it), I can't see
 > at least one for downloading files non-anonymously over Tor.
 >
 > Let's think if this option would not be actually useless and/or
 > impossible to implement before further discussing use cases. It's
 > unclear to me:
 >
 > - a Tor instance running a single onion service is not anonymous because
 > it only builds single hop circuits (to introduction points and rendezvous
 > relays) except for HSDirs when uploading descriptors when normal 3 hop
 > circuits are used. In this case, SocksPort circuits can also be regular,
 > 3 hop, so will this truly be 100% non-anonymous? It might affect
 > anonymity in unknown ways, but we don't know for sure.

 Yes, I agree. This is why we don't do mixed-mode anonymous and
 non-anonymous tor instances.
 The workaround is to use --enable-tor2web-mode, which does allow
 single-hop SOCKSPorts.

 > - other way around, if the SocksPort circuits are single hop because
 > this is the only way single hop onion services can also work on the same
 > Tor instance, how will exiting even work since Exit relays do not allow
 > exit traffic on single hop circuits? We have `AllowSingleHopExits 0`
 > default on relay side, so all Exit relays will not allow it. Even if
 > there were few configured to allow it, on the client side we have
 > `ExcludeSingleHopRelays 1` default and also an `AllowSingleHopCircuits 0`
 > but I guess RSOS overwrites these in order to work.

 No, it doesn't. So single-hop SOCKSPorts might just end up failing. I
 should tell Alec this.

 (Marked as low-priority, long-term, wontfix?)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21284#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

