On Tue, Feb 04, 2020 at 04:15:23PM -0500, David Goulet wrote:
On 04 Feb (19:03:38), juanjo wrote:
[snip]
And the reason for private nodes is probably because this way you eliminate noise from other tor traffic so _anything_ connecting back to your ORPort is related to the onion service connections you've done. You don't need to filter out the circuits with some custom code (which is very easy to do anyway).
That is unfortunately a problem that onion services have. These types of guard discovery attacks exist and they are the primary reasons why we came up with Vanguards a couple of years ago:
https://blog.torproject.org/announcing-vanguards-add-onion-services
Indeed. Just to underscore the point: we demonstrated those attacks in the wild and proposed versions of vanguards in the same work where we introduced guards in the first place, published way back in 2006.
But one thing for sure, simply forcing rendezvous points to be part of the consensus will _not_ fix this problem as it is fairly easy to pull this type of attack by simply using a normal relay within the consensus.
+1
aloha, Paul