torcontrol: Use the default/standard network port for Tor hidden services, even if the internal port is set differently #15651

Merged
merged 1 commit into from Jun 18, 2019

@luke-jr
Member

commented Mar 23, 2019

Currently, the hidden service is published on the same port as the public listening port.
But if a non-standard port is configured, this can be used to guess (pretty reliably) that the public IP and the hidden service are the same node.
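
The port mapping described above, as an added example that is not Bitcoin Core's own code: it builds the Tor control-port `ADD_ONION` command both ways and checks whether the advertised onion port repeats a distinctive clearnet port. The helper names, the `NEW:BEST` key spec and the sample port 9876 are assumptions chosen for illustration; 8333 is the mainnet default P2P port.

```cpp
#include <cstdint>
#include <iostream>
#include <string>

// Bitcoin mainnet default P2P port, standing in for the chain's default port.
constexpr uint16_t DEFAULT_P2P_PORT = 8333;

// Hypothetical helper. In "Port=<virtual>,<target>", the virtual port is what
// onion peers see and the target is the local listener Tor forwards to.
std::string AddOnionCmd(const std::string& key_spec, uint16_t virtual_port, uint16_t listen_port)
{
    return "ADD_ONION " + key_spec + " Port=" + std::to_string(virtual_port) +
           ",127.0.0.1:" + std::to_string(listen_port);
}

// Behaviour the description calls "currently": the onion port mirrors the listening port.
std::string OldCmd(const std::string& key_spec, uint16_t listen_port)
{
    return AddOnionCmd(key_spec, listen_port, listen_port);
}

// Behaviour after the change: always advertise the default port, forward to the real one.
std::string NewCmd(const std::string& key_spec, uint16_t listen_port)
{
    return AddOnionCmd(key_spec, DEFAULT_P2P_PORT, listen_port);
}

// Extract the advertised (virtual) port from a command; 0 if there is no Port= field.
uint16_t VirtualPort(const std::string& cmd)
{
    const auto pos = cmd.find(" Port=");
    if (pos == std::string::npos) return 0;
    return static_cast<uint16_t>(std::stoul(cmd.substr(pos + 6)));
}

// True when the onion and clearnet endpoints share a non-default, hence distinctive, port.
bool PortLinksIdentities(uint16_t onion_port, uint16_t clearnet_port)
{
    return onion_port == clearnet_port && onion_port != DEFAULT_P2P_PORT;
}

int main()
{
    const uint16_t listen_port = 9876; // constructed sample: a non-standard listening port
    std::cout << OldCmd("NEW:BEST", listen_port) << "\n"
              << NewCmd("NEW:BEST", listen_port) << "\n";
}
```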

@fanquake fanquake added the P2P label Mar 23, 2019

@DrahtBot

Contributor

commented Mar 23, 2019

The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

Conflicts

No conflicts as of last run.

torcontrol: Use the default/standard network port for Tor hidden services, even if the internal port is set differently

Currently, the hidden service is published on the same port as the public listening port.
But if a non-standard port is configured, this can be used to guess (pretty reliably) that the public IP and the hidden service are the same node.

@luke-jr luke-jr force-pushed the luke-jr:tor_standard_port branch from 3961fb2 to 8a26567 Mar 23, 2019

@practicalswift

Member

commented Mar 23, 2019

Concept ACK

Are there additional decloaking vectors that could be worth fixing?

@gmaxwell

Contributor

commented Mar 23, 2019

This sounds okay to me, but it will remain trivial to link HS nodes with their non-HS addresses; we should document that clearly. (For example, hand a node an orphan txn on one identity, then observe that it won't getdata the same txid on another.)

@practicalswift

Member

commented Mar 25, 2019

utACK 8a26567

@naumenkogs

Contributor

commented Mar 25, 2019

utACK 8a26567

@MarcoFalke

Member

commented Mar 25, 2019

Would there be any reason to make it user-configurable? Could the port collide with something else? Does this need release notes?

@luke-jr

Member Author

commented Apr 4, 2019

@MarcoFalke This is only for the dedicated hidden service we create, so no, nothing else can use it.

The only reason for release notes would be if the privacy leak is serious enough to warrant an advisory; but IIRC this is only one of multiple ways to tie a Tor node to a clearnet node, so probably not.

@laanwj

Member

commented Jun 18, 2019

I think this is fine.

There will be a slight service interruption due to this, due to the new address needing to be propagated, but always using the "standard" virtual port by default makes perfect sense; there's no resource contention in Tor and no need to deviate from that.

I don't think release notes are necessary.

The user can already configure it by setting up their own Tor hidden service. I don't think it's worth adding an option for it.

utACK 8a26567

@laanwj laanwj merged commit 8a26567 into bitcoin:master Jun 18, 2019

2 checks passed

continuous-integration/appveyor/pr: AppVeyor build succeeded
continuous-integration/travis-ci/pr: The Travis CI build passed

laanwj added a commit that referenced this pull request Jun 18, 2019

Merge #15651: torcontrol: Use the default/standard network port for Tor hidden services, even if the internal port is set differently

8a26567 torcontrol: Use the default/standard network port for Tor hidden services, even if the internal port is set differently (Luke Dashjr)

Pull request description:

  Currently, the hidden service is published on the same port as the public listening port.
  But if a non-standard port is configured, this can be used to guess (pretty reliably) that the public IP and the hidden service are the same node.

ACKs for top commit:
  practicalswift:
    utACK 8a26567
  naumenkogs:
    utACK 8a26567
  laanwj:
    utACK 8a26567

Tree-SHA512: 737c8da4f7c3f0bb22a338647d357987f5808156e3f38864168d0d8c2e2b171160812f7da4de11eef602902b304e357d76052950b72d7b3b83535b0fdd05fadc

sidhujag pushed a commit to syscoin/syscoin that referenced this pull request Jun 19, 2019
