torcontrol: Use the default/standard network port for Tor hidden services, even if the internal port is set differently #15651

1. 
   luke-jr commented at 5:47 am on March 23, 2019: member

   Currently, the hidden service is published on the same port as the public listening port. But if a non-standard port is configured, this can be used to guess (pretty reliably) that the public IP and the hidden service are the same node.
2. fanquake added the label P2P on Mar 23, 2019
3. 
   DrahtBot commented at 6:11 am on March 23, 2019: member

   The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

   Conflicts

   No conflicts as of last run.

4. torcontrol: Use the default/standard network port for Tor hidden services, even if the internal port is set differently

   Currently, the hidden service is published on the same port as the public listening port.
   But if a non-standard port is configured, this can be used to guess (pretty reliably) that the public IP and the hidden service are the same node.

   8a2656702b
5. luke-jr force-pushed on Mar 23, 2019
6. 
   practicalswift commented at 3:16 pm on March 23, 2019: contributor

   Concept ACK

   Are there additional decloaking vectors that could be worth fixing?

7. 
   gmaxwell commented at 11:37 pm on March 23, 2019: contributor

   This sounds okay to me but it will remain trivial to link HS nodes with their non-HS addresses, we should document that clearly. (for example, hand a node a orphan txn on one identity then observe that it won’t getdata the same txid on another)
8. 
   practicalswift commented at 10:48 am on March 25, 2019: contributor

   utACK 8a2656702b4b5d53d1b8343c3215302e4305a038
9. 
   naumenkogs commented at 7:30 pm on March 25, 2019: member

   utACK 8a26567
10. 
    MarcoFalke commented at 7:42 pm on March 25, 2019: member

    Would there be any reason to make it user-configurable? Could the port collide with something else? Does this need release notes?
11. 
    luke-jr commented at 10:19 am on April 4, 2019: member

    @MarcoFalke This is only for the dedicated hidden service we create, so no, nothing else can use it.

    The only reason for release notes would be if the privacy leak is serious enough to warrant an advisory; but IIRC this is only one of multiple ways to tie a Tor node to a clearnet node, so probably not.

12. 
    laanwj commented at 3:28 pm on June 18, 2019: member

    I think this is fine.

    There will be a slight service interruption due to this due to the new address needing to be propagated, but always using the “standard” virtual port by default makes perfect sense, there’s no resource contention in Tor and need to deviate from that.

    I don’t think release notes are necessary.

    The user can already configure it by setting up their own Tor hidden service. I don’t think it’s worth to add an option for it.

    utACK 8a2656702b4b5d53d1b8343c3215302e4305a038

13. laanwj merged this on Jun 18, 2019
14. laanwj closed this on Jun 18, 2019

    ---

15. laanwj referenced this in commit 6c9d3c704f on Jun 18, 2019
16. sidhujag referenced this in commit 8ba243e50b on Jun 19, 2019
17. luke-jr referenced this in commit 602ad30a0b on Aug 23, 2019
18. fanquake referenced this in commit a2b207be7a on Aug 24, 2019
19. fanquake referenced this in commit f792b25d14 on Sep 23, 2019
20. laanwj referenced this in commit 29d70264fb on Nov 25, 2019
21. jasonbcox referenced this in commit c63ec5c0b0 on Nov 11, 2020
22. PastaPastaPasta referenced this in commit 81776d4f0b on Jun 25, 2021
23. PastaPastaPasta referenced this in commit ae7c62d0ee on Jun 25, 2021
24. PastaPastaPasta referenced this in commit 4b32b68724 on Jun 25, 2021
25. PastaPastaPasta referenced this in commit 7f012a777b on Jun 26, 2021
26. DrahtBot locked this on Dec 16, 2021

Contributors
luke-jr DrahtBot practicalswift gmaxwell naumenkogs MarcoFalke laanwj

Labels
P2P