[tor-dev] non-anonymous ephemeral onion services with stem
Roger Dingledine
arma at mit.edu
Tue Jan 30 00:08:43 UTC 2018
On Tue, Jan 30, 2018 at 11:03:26AM +1100, teor wrote:
> >> Ok, so you trust your friend with your IP and onion address in this use
> >> case.
> >>
> >> But do you also trust the entire Tor network?
> >
> > I opened a ticket for the OnionShare single onion service use case:
> > https://trac.torproject.org/projects/tor/ticket/21295
> >
> > We'll see what we can do, and try to work out the anonymity implications
> > of leaking your IP address to the intro and rendezvous points.
>
> I closed this ticket as "wontfix" with the following comment:
>
> I just don't think this is safe, particularly as part of Tor's current
> design.
Agreed.
I think the trend of people saying "well I don't need anonymity" is no
different from the trend of people trying to justify their use of random
public proxies, VPNs, etc instead of Tor.
The fact is that people are often surprised to learn, after the fact when
it's too late and now they regret it, that they should have wanted some
more security. At Tor we should aim to give them that security by default,
and if they don't want it, we shouldn't give them an opportunity to think
"well I'm still using Tor so maybe I'm still making a good choice".
(I think this reasoning argues for jettisoning the whole single onion
service design too, but I won't try to make that argument in this thread.)
--Roger
More information about the tor-dev
mailing list