After looking at lots of malicious relay data of the past few months I've come to the conclusion that exit relays without ContactInfo are largely run by malicious actors. I propose to make torrc's ContactInfo mandatory for exit relays with the following timeline: * tor 0.4.6: log a warning that tor will require ContactInfo to be set on an exit relays starting with tor v0.4.7 * tor 0.4.7: no longer assign the exit flag to relays not having a ContactInfo (< 5 chars) in their descriptor. Log a warning for relay operators, I'll add graphs that show exit fraction provided by exit relays without ContactInfo over time to OrNetStats. Is this an effective remedy to deter malicious actors? No and it is not meant to be one. It is trivial to set a random non-empty ContactInfo, only in combination with other countermeasures it becomes actually useful. ContactInfo is also mentioned in this draft: https://gitlab.torproject.org/tpo/community/team/-/wikis/Expectations-for-Relay-Operators I'll make it easy for Tor Browser users to exclude exit relays without ContactInfo from their configuration. This might makes the proposal irrelevant should the release alone result in exits getting non-empty ContactInfos. More details will follow soon. kind regards, nusenu -- https://nusenu.github.io
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature
_______________________________________________ tor-relays mailing list tor-relays@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays