[tor-dev] Configuring Single Onion Services

Virgil Griffith i at virgil.gr
Fri Apr 8 16:29:09 UTC 2016


For whatever it's worth I never found the compile-time option for tor2web
mode to be offensive.

I remember Roger's original rebuttal against tor2web mode was, "Virgil, I'm
not going to make a 'Make Tor Go Faster Button' to be pressed by people who
don't know what they are doing."

I always thought the compile-time-flag or text warning was a good
compromise.

-V

On Friday, 8 April 2016, George Kadianakis <desnacked at riseup.net> wrote:

> Tim Wilson-Brown - teor <teor2345 at gmail.com> writes:
>
> > Hi All,
> >
> > I'm working on proposal 260's Rendezvous Single Onion Services in #17178.
> >
> > They are faster, because they have one hop between the service and the
> > introduction and rendezvous points.
> > But this means that their location is easy to discover (non-anonymous).
> > So we want to come up with a design that makes it hard to configure a
> > non-anonymous service by accident.
> >
> > Here's a cut-down version of an email I sent to tor-onions for feedback,
> > for those who are on both lists:
> >
> > Nick's concern was that users could configure Single Onion Services
> > without realising that it provides no server location anonymity.
> > I initially thought we could change the torrc option name to make this
> > clear. ...
> > I now believe that trying to overload the name of a feature with
> > warnings about its downsides was a mistake. …
> >
> > This would mean that Single Onion Service operators would include in
> > their torrc:
> >
> > SingleOnionMode 1
> > HiddenServiceDir …
> > ...
> >
> > As a separate issue, I think there are two alternative designs that can
> > prevent users from configuring the feature and then exposing their location
> > unintentionally:
> >
> > Tor2WebMode requires users to add a compilation option:
> > --enable-tor2web-mode
> > We could do this with Single Onion Services as well:
> > --enable-single-onion-mode
> > If SingleOnionMode is configured without the compilation option, tor
> > warns the user and refuses to start.
> > When it is configured, tor warns the user they're non-anonymous, then
> > starts.
> > However, using a compilation option makes the feature harder to test.
> > And Tor2Web operators already don't like having to compile separate
> > binaries.
> > It's likely Single Onion operators would feel similarly.
> >
> > Alternately, we could add a torrc option: NonAnonymousMode
> > If SingleOnionMode is configured without NonAnonymousMode, tor warns the
> > user and refuses to start.
> > When it is configured, tor warns the user they're non-anonymous, then
> > starts.
> >
> > I spoke with Nick on IRC and he's happy with either of these options.
> >
> > I'd like to proceed with the NonAnonymousMode torrc option, unless there
> > are compelling reasons against that design.
> > I hope that this will allow us to get SingleOnionMode merged early in
> > tor 0.2.9.
> >
>
> I think I like this approach more than complicating the torrc option name!
>
> Coming up with a warning message for people who forget to enable
> NonAnonymousMode seems easier than trying to fit that warning message in a
> torrc option name.
>
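
The NonAnonymousMode gate from the quoted proposal, modelled as a torrc pre-flight check. This is an added example, not tor's code and not code from anyone in the thread; the two option names come from the proposal, while the function names, the sample torrc and the parsing rules (case-insensitive option names, `#` comments, last value wins) are assumptions.

```python
# Added example: a model of the proposed check, not tor's implementation.
# Option names are from the thread; the parsing rules are assumptions.

# Constructed sample torrc: the operator left NonAnonymousMode commented out.
SAMPLE_TORRC = """\
SingleOnionMode 1
HiddenServiceDir /var/lib/tor/example_service   # constructed path
HiddenServicePort 80 127.0.0.1:8080
#NonAnonymousMode 1
"""


def parse_torrc(text):
    """Map lower-cased option name -> last value seen (assumed semantics)."""
    options = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        parts = line.split(None, 1)           # option name, then its value
        options[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return options


def startup_decision(text):
    """Return (decision, message) for the NonAnonymousMode design."""
    options = parse_torrc(text)
    single_onion = options.get("singleonionmode") == "1"
    non_anonymous = options.get("nonanonymousmode") == "1"
    if single_onion and not non_anonymous:
        return ("refuse", "SingleOnionMode is set without NonAnonymousMode; "
                          "the service location would not be hidden")
    if single_onion:
        return ("start", "warning: this onion service is non-anonymous")
    # NonAnonymousMode on its own is not covered by the thread; treated as
    # an ordinary start here.
    return ("start", None)


if __name__ == "__main__":
    for label, torrc in (("as written", SAMPLE_TORRC),
                         ("opted in", SAMPLE_TORRC + "NonAnonymousMode 1\n")):
        print(label, "->", startup_decision(torrc))
```

The commented-out `#NonAnonymousMode 1` line is the case the design is meant to catch: the service is refused rather than started with its location exposed.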