ra-- / Tor-gateway

This project is now hosted at BitBucket because Github decided to disable downloads.
https://bitbucket.org/ra_/tor-gateway
GNU General Public License v2.0

WIKI SUGGESTION: Tor Relay & Hidden Service #2

Open c107886 opened 12 years ago

c107886 commented 12 years ago

Hi ra,

I was wondering if you could post instructions on the wiki on how to configure the Tor Gateway to run as a hidden service. Also if you could do the same with how to configure it as a regular relay that would be great - since users would then not have to rely on an entry node which could be malicious, instead they could be the entry node itself.

If you could describe exit relay configuration, that would be an extra, but not really urgent by any means.

Thanks,

Eli

ra-- commented 12 years ago

Is there a use case for running a hidden service on a workstation?

Adding documentation for running a relay sounds reasonable. I will do that, although I don't get your entry node point.

I would consider running an exit node on a workstation as dangerous, since hardly any tip from https://blog.torproject.org/blog/tips-running-exit-node-minimal-harassment could be followed.

c107886 commented 12 years ago

A few uses of hidden services come to mind. It's a great way to host a small site without having to deal with a dynDNS or getting kicked off by the ISP for hosting on a residential connection. Other practical uses include hosting a political blog on my own machine instead of having to rely on external hosting services which could shut it down at their will. Also I could use a server version of Linux to host files that I might want to access from behind a password wall remotely when I'm somewhere else. The place where I work censors file locker sites which is annoying when I'm trying to move files larger than email attachment limits. In the end it's your call if you want to add these instructions, I know that I would personally appreciate this.

For the relays, I had the understanding that one could choose whether to be a regular middle node or an entry guard node for others to connect to. I thought that it would require different commands to set the node type and so that was what I meant.

I would recommend that you set both gateways as relay nodes by default as it helps to protect the user much more against traffic analysis as there would be only one point of traffic interception, the exit node, while providing plausible deniability with regards to traffic origin. At that point there is no fear that the entry and exit node are working together since we are an entry node. This was also one of the recommendations in this paper against timing correlation attacks: http://www.blackhat.com/presentations/bh-usa-07/Perry/Whitepaper/bh-usa-07-perry-WP.pdf

As for the exit nodes, I was just asking about them for the sake of completeness of documentation. I know that there are some very charitable souls out there who would go through all of the harassment issues just so they can help people in oppressed countries. I for one don't think I can handle the headache that comes from running an exit node, but I thought it would be best to still provide that information for others who are willing to do so.