Is there a security problem with turning a middle relay, whose ip address is known, into a bridge?
TIA,
--Torix
Sent with [ProtonMail](https://protonmail.com) Secure Email.
On Tue, Sep 29, 2020 at 02:47:30PM +0000, torix@protonmail.com wrote:
Is there a security problem with turning a middle relay, whose ip address is known, into a bridge?
It depends on why you make this change.
I did it a few weeks ago because one of my nodes was on a server hosting several services (and being seen as a Tor node was painful for some of them). The node disappeared from node lists after a few days. This includes external lists (like dan tor) used to blacklist exit or all tor relays. It was enough for me (but the contribution to the network is really lower now so I will find another way :).
If you need more I would suggest to modify/renew the node's name and fingerprint to avoid being simply found with the old ones with a simple relay search.
Then AFAIK it depends on what you want to protect your node from.
(I will be interested like you if any other advice on the subject)
Corl3ss
On Tue, Sep 29, 2020 at 02:47:30PM +0000, torix@protonmail.com wrote:
Is there a security problem with turning a middle relay, whose ip address is known, into a bridge?
Depends on how you define "security problem". It's could certainly be problematic for a Tor user in a repressive regime to be seen to attempt to communicate with a known Tor node. It's also certainly *pointless* to run a brodge on an IP address known to be a Tor relay, because IP addresses of known Tor relays, even middle relays, are commonly blocked by the sorts of people who don't want others to use Tor. So Tor users affected won't be able to use your bridge anyway.
- Matt
Thanks, Matt - that was what I suddenly realized as I planned to rebuild the relay: I wasn't changing the now public ip address. --Torix
Sent with ProtonMail Secure Email.
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Wednesday, September 30, 2020 4:06 AM, Matt Palmer mpalmer@hezmatt.org wrote:
On Tue, Sep 29, 2020 at 02:47:30PM +0000, torix@protonmail.com wrote:
Is there a security problem with turning a middle relay, whose ip address is known, into a bridge?
Depends on how you define "security problem". It's could certainly be problematic for a Tor user in a repressive regime to be seen to attempt to communicate with a known Tor node. It's also certainly pointless to run a brodge on an IP address known to be a Tor relay, because IP addresses of known Tor relays, even middle relays, are commonly blocked by the sorts of people who don't want others to use Tor. So Tor users affected won't be able to use your bridge anyway.
- Matt
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays@lists.torproject.org
-
Corl3ss -
Matt Palmer -
torix@protonmail.com