Skip to content

Remove privacy impairment warnings in HiddenServiceNonAnonymousMode

Summary

Tor currently offers a variety of well-meaning but inapplicable warnings when running single onion services.

Using accounting with a hidden service and an ORPort is risky: your hidden service(s) and your public address will all turn off at the same time, which may alert observers that they are being run by the same party.

Using accounting with multiple hidden services is risky: they will all turn off at the same time, which may alert observers that they are being run by the same party.

What is the expected behavior?

If a user sets HiddenServiceNonAnonymousMode, they are obviously not trying to hide that they are running onion services. These warnings should therefore be skipped, as there is no added risk from using accounting or running a relay at the same time.

Keep in mind that using non-anonymous mode already adds the following warning:

This copy of Tor was compiled or configured to run in a non-anonymous mode. It will provide NO ANONYMITY.

This strikes me as more than sufficient to get the point across.

On a related note, these warnings could stand to be updated to use the new "onion service" nomenclature. It might be worth considering the deprecation of the current configuration options in favor of synonyms like "OnionServiceNonAnonymousMode" as well.

Edited by Jeremy Saklad
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information