On Oct 26, 2015, at 11:34, Alec Muffett alecm@fb.com wrote:
Of course. All the cases where you set up a hidden service exactly because your host is behind a NAT. Like the webcam raspi I'm just booting up.
We run our tor daemons in an enclave network which can only connect outbound to the Internet, or backwards into infrastructure.
Also, it's probably wise to point out that NAT-punching (and/or SOCKS-punching outbound) reduces cost of HS adoption for organisations that don't want to rejig their network architecture to permit "yet another listener"; it's an attractive proposition to say "it only connects outbound and rendezvouses (sic?) in the middle of the tor cloud" #ohThatsOkayThenNoFirewallChanges