[tor-bugs] #21284 [Core Tor/Tor]: Add torrc option for non-anonymous SocksPort
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Jan 24 00:37:14 UTC 2017
#21284: Add torrc option for non-anonymous SocksPort
--------------------------------------------+------------------------------
Reporter: teor | Owner:
Type: enhancement | Status: new
Priority: Very Low | Milestone: Tor: very
| long term
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: tor-hs, single-onion, wontfix? | Actual Points:
Parent ID: | Points: 1
Reviewer: | Sponsor:
--------------------------------------------+------------------------------
Changes (by teor):
* priority: Medium => Very Low
* keywords: tor-hs, single-onion => tor-hs, single-onion, wontfix?
* milestone: Tor: unspecified => Tor: very long term
Comment:
Replying to [comment:3 s7r]:
> I fully agree with asn - a lot of complications for a very weird and
rare use case.
>
> Wonder why would someone really want this... This kind of like wanting
to take a shower without getting wet. While there are obvious, plenty,
demanded use cases for RSOS (very happy to have it), I can't see at least
one for downloading files non-anonymously over Tor.
>
> Let's think if this option would not be actually useless and/or
impossible to implement before further discussing use cases. It's unclear
to me:
>
> - a Tor instance running a single onion service is not anonymous because
it only builds single hop circuits (to introduction points and rendezvous
relays) except for HSDirs when uploading descriptors when normal 3 hop
circuits are used. In this case, SocksPort circuits can also be regular, 3
hop, so will this truly be 100% non anonymous? It might affect anonymity
in unknown ways, but we don't know for sure.
Yes, I agree. This is why we don't do mixed-mode anonymous and non-
anonymous tor instances.
The workaround is to use --enable-tor2web-mode, which does allow single-
hop SOCKSPorts.
> - other way around, if the SocksPort circuits are single hop because
this is the only way single hop onion services can also work on the same
Tor instance, how will exiting even work since Exit relays do not allow
exit traffic on single hop circuits. We have `AllowSingleHopExits 0`
default on relay side, so all Exit relays will not allow it. Even if there
were few configured to allow it, on the client side we have
`ExcludeSingleHopRelays 1` default and also a `AllowSingleHopCircuits 0`
but I guess RSOS overwrites these in order to work.
No, it doesn't. So single-hop SOCKSPorts might just end up failing. I
should tell Alec this.
(Marked as low-priority, long-term, wontfix?)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21284#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list