Yawning Angel yawning@schwanenlied.me wrote:
I have two objections to this, one political, one technical:
- (The political objection) While this is "cool" and probably(?) "funded", it seems like a poor thing to work on in terms of developmental priority when there are other things Hidden Service related that need a lot of developer attention, primarily in making the existing HSes more resilient against Nation State level adversaries (e.g., Prop. 224).
I agree that 224 and improvements to “double onion services” are much more important.
On the other hand, the goal of single onion services is to encourage more use of onion services in general, especially by large-scale normal-web services. Bringing in those new services and the extra attention can hopefully help improve the perception of onion services in general, and possibly help with funding them.
- (The technical objection) It is overly easy for assholes[0] to censor Single Onion Services due to:
it’s possible for the previous relay to guess the service you’re connecting to
While such a censor would only be able to deny service to clients as a fraction of their relay(s) consensus weight, it's still something that probably should get consideration.
Yes, we should address this. Is retrying through a new circuit after circuit failures sufficient, or do we need something more sophisticated?
As a countermeasure, a single onion service can choose to also act as a Tor relay. In that case, the censor relay should not be able to easily distinguish between relay traffic and the single onion traffic.
- special