Comment by immibis
[flagged]
[flagged]
>Organizations which have their own IP ranges can use them at Hetzner, too.
If you own the nodes you can just log the encrypted traffic with metadata like user IP (if it's an entry-node, which requires a Guard-flag), source and destination Tor-node and timestamp to send it to a centralized logging server. No need to host them in the same rack.
The problem of three nodes being in one rack is traffic analysis of an external attacker, who doesn't own the nodes. If someone already owns the nodes it doesn't matter where they host them. Using your own IP range for an attack would just be more complicated, less effective than just buying nodes worldwide and is an OPSEC risk.
So the only reason to run Tor nodes on your own IP range on Hetzner servers is if you work together with an organization which has access to ISP and datacenter traffic and probably work together with the datacenter owner to attack Tor users through a correlation attack.
>Exit circuits are not the only type of circuit. Connections to onion services are sent over 6 nodes, not 3.
You talked about 3 nodes, so I assumed you talk about the typical Guard or Bridge Node -> Mid-Node -> Exit-Node circuit. The only reason to have fewer nodes are single-hop onion services. They are an edge case.
EDIT: fixed grammar
This comment is wrong and not funny.
1) You didn't read path selection constraints: https://spec.torproject.org/path-spec/path-selection-constra...
>We do not choose more than one router in a given network range, which defaults to /16 for IPv4 and /32 for IPv6. (C Tor overrides this with EnforceDistinctSubnets; Arti overrides this with ipv[46]_subnet_family_prefix.)
2) There is currently no exit-node hosted at Hetzner. Check the Tor atlas.
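
The network-range constraint quoted from the path-selection spec in the last comment, as an added example that is not part of any comment in this thread and is not Tor's or Arti's code. It models only that one rule with the quoted defaults (/16 for IPv4, /32 for IPv6); the relay names and addresses are constructed, and checking every listed address of a relay is an assumption of this sketch.

```python
import ipaddress

# Default prefix lengths as quoted from the path-selection spec.
V4_PREFIX = 16
V6_PREFIX = 32

def network_range(addr, v4_prefix=V4_PREFIX, v6_prefix=V6_PREFIX):
    """Return the network range an address falls in for this constraint."""
    ip = ipaddress.ip_address(addr)
    prefix = v4_prefix if ip.version == 4 else v6_prefix
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)

def conflicts(relay_a, relay_b):
    """True if any address of relay_a shares a range with any of relay_b."""
    ranges_a = {network_range(a) for a in relay_a["addrs"]}
    return any(network_range(b) in ranges_a for b in relay_b["addrs"])

def eligible(candidates, chosen):
    """Candidates that may still be added to a path already holding `chosen`."""
    return [c for c in candidates if not any(conflicts(c, r) for r in chosen)]

def path_violations(path):
    """Pairs of relay names in `path` that break the distinct-range rule."""
    return [(a["name"], b["name"])
            for i, a in enumerate(path) for b in path[i + 1:]
            if conflicts(a, b)]

# Constructed relays: hypothetical names, private and documentation addresses.
RELAYS = [
    {"name": "guardA", "addrs": ["10.1.2.3", "3fff:1::10"]},
    {"name": "midB", "addrs": ["10.1.200.9"]},                # same IPv4 /16 as guardA
    {"name": "midC", "addrs": ["10.2.0.5", "3fff:1:ff::1"]},  # same IPv6 /32 as guardA
    {"name": "exitD", "addrs": ["172.16.4.4", "3fff:2::1"]},
]

if __name__ == "__main__":
    guard = RELAYS[0]
    print("eligible after guardA:", [r["name"] for r in eligible(RELAYS[1:], [guard])])
    print("violations in guardA-midB-midC:", path_violations(RELAYS[:3]))
```

A relay operator who places several relays inside one /16 therefore gains nothing from this rule's point of view: at most one of them can appear in any single path.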