[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: 25 tbreg relays in directory



On 2009-04-27 18:27 CST, Scott Bennett wrote:
>      torstatus currently shows 25 different relays that are all named "tbreq"
> and appear to be in China.  I wonder whether these are due to some benighted
> user restarting tor after clearing its key files every time, or whether there
> may be several that are all owned by one organization.  All but four are
> marked as being "offline".

I finally got a plausible answer a few days ago.

The short answer is, someone are making use of Tor to do nasty things,
and all "tbreg"s aren't aware they are running Tor relays.

The long answer.

"tbreg" stands for "TaoBao REGistrar". TaoBao is an eBay-like website in
China. Some sellers want to quickly increase their reputations
(so-called refresh) in order to attract more buyers. The first thing for
them is to register multiple accounts. However, TaoBao is rigorous on
this, a single IP is only allowed to register one or two accounts. So,
someone realize this need and begin to sell softwares which
automatically register large number of TaoBao accounts. Tor, together
with Privoxy are used as a HTTP proxy to bypass the IP restriction. For
some reasons I don't understand, this software will run Tor as a relay.

I've downloaded the software and tested, the version of Tor in it is
indeed 0.2.1.2-alpha, torrc in it is

  SocksPort 9050 # what port to open for local application connections
  SocksListenAddress 127.0.0.1 # accept connections only from localhost
  ControlPort 9051
  Nickname tbreg
  ORPort 9001

You may test yourself, the download link is
http://www.wintaobao.com/download/tbreg_v1.3.8.msi (from
http://bbs.wintaobao.com/viewthread.php?tid=135).

Finally some random thoughts.

1. We shall be reassured for a moment, these relays won't do much harm
to the Tor network. I'm more concerned about the people running these
relays, their computers aren't protected at all. But considering the
things these guys are doing... well, let it go!

2. Why Tor runs in a relay mode?

3. Should these "tbreg"s be banned from the Tor network? If so, what's
the best way to do?

Hanru