[tor-relays] [tor-dev] Hidden service policies
Scott Bennett
bennett at sdf.org
Tue Jul 22 01:06:41 UTC 2014
Thomas White <thomaswhite at riseup.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> > Sorry, wrong answer. If you block connections from other relays,
> > you break the tor network. I don't recall offhand whether that
> > sort of breakage might earn your relay either an Invalid flag or
> > being simply dropped from the consensus.
>
> For a single relay to my knowledge, it shouldn't do. There are many
> reasons some relays can't connect to each other so it doesn't "break"
> Tor as an alternative route is simply found.
>
Yes, tor, like many other Internet operations, has some ability to
route around breakage in its network. However, each time it is necessary
to find a way around it, a cost to the network is incurred in the form
of wasted processing time over many pieces of equipment, wasted traffic,
and likely wasted end-user time.
>
> > Are you suggesting that the mobbing attacks on HSDIR relays are the
> > actions of botnets? If so, then you are suggesting that the
> > problem of mobbing of HSDIR relays is probably insoluble because it
> > would not be the symptom of a bug in tor. :-(
>
> The question is botnet CnC's, the proposal has nothing to do with
> solving the botnet CnC problem and I am also stating Tor is not the
> one who needs to tackle them right at this moment, the budget and
Agreed.
> resources are just not there. However creating a system where
> operators start blacklisting hidden services is extremely bad for
> anonymity both for the hidden service and the user.
>
Also agreed.
I was referring to the as yet unsolved problem of HSDIR mobbing,
which I have long thought was due to a bug somewhere in tor, just as
there used to be a problem with DirPort mobbing. The DirPort mobbing
bug was eventually found and fixed a long time ago, but the HSDIR
mobbing still hasn't been. But now you have given me the idea that
perhaps HSDIR mobbing is actually due to other software applying a
malicious attack upon tor relays that have the HSDIR flag. IOW, I
wasn't arguing with you, just commenting about this other problem in
light of what you had written.
> To answer the rest of your question, I am not a developer. I am
> somebody who cares about anonymity and that is why I run the 2nd
> largest server cluster on the Tor network from my own pocket.
> Filtering or proposing to blacklist anything is not acceptable in my
> view. Whatever solutions individuals care to launch to protect their
> relay is their own responsibility, but actively developing something
> by the core developers to blacklist hidden service is a completely
> despicable idea. To elaborate only on the legal side of things, if I
> can easily block hidden services passing through my relays or if I am
> the RV point for one the government can then serve me a notice
AFAICT, the introduction point and the rendez-vous point are about
the only places you might be able to block them, though by doing so, you
would again be introducing a form of breakage. If your relay were at
any other points in the hidden service protocol, you wouldn't have any
way of distinguishing it from any other middle node along a tor circuit.
But I would need to reread the protocol specification in detail again to
see whether you could actually deny service even at the invitation and
rendez-vous points.
> ordering me to block it, this I have already run through my solicitor
> and there is no escaping that fact unfortunately.
>
> Also note, botnets in this sense are not the topic. The proposal is an
> easy mechanism to censor hidden services and let it not be portrayed
> as anything other than that. I can see why 90% of people opposed his
> "coin taint" idea and 75% wanted him to leave the bitcoin foundation.
> If Tor did introduce such measures, I would be swiftly leaving Tor's
> ranks and withdrawing all support (both all 25 relays/exits/guards,
> and financial) from it.
>
> So to state clearly:
>
> Should Tor Project develop a system to filter hidden services?
>
> I'll let people decide that for themselves. But my opinion is that
> doing so defies the point of a hidden service and people who push for
> it should be ashamed of themselves.
>
Also fully agreed. To develop such a system would require weakening
or breaking the current level of protection offered to users, as well as
being a special gift to the NSA and its peers in other countries.
Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet: bennett at sdf.org *or* bennett at freeshell.org *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good *
* objection to the introduction of that bane of all free governments *
* -- a standing army." *
* -- Gov. John Hancock, New York Journal, 28 January 1790 *
**********************************************************************