Re: [tor-relays] Blog: How Malicious Tor Relays are Exploiting Users in 2020 (Part I)



Is there anything Tor can do inside the Tor browser itself?
I would understand and support something as drastic as disabling non-HTTPS, non-Onion connections altogether. When the user types a URL with no protocol prefix, the browser will assume HTTPS.
This may break some websites, so a transition may be required. Such a transition can start with a warning banner, proceed to a warning page, then to a browser setting to enable it, and finally to disabling the capability for good.

The above assumes there is much less benefit in running a rogue Tor exit if the operator cannot see or alter the content it is relaying.

On Fri, Aug 14, 2020 at 1:25 PM niftybunny <abuse-contact@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
https://medium.com/@nusenu/how-malicious-tor-relays-are-exploiting-users-in-2020-part-i-1097575c0cac

  • There are multiple indicators that suggest that the attacker still runs >10% of the Tor network exit capacity (as of 2020–08–08)

And on this one: I trust nusenu who told me we still have massive malicious relays.



On 14. Aug 2020, at 19:12, Roger Dingledine <arma@xxxxxxxxxxxxxx> wrote:

On Thu, Aug 13, 2020 at 03:34:55PM +0200, niftybunny wrote:
This shit has to stop. Why are the relays in question still online?

Hm? The relays are not online -- we kicked them in mid June.

We don't know of any relays right now that are attacking users.

Or said another way, if anybody knows of relays that are doing any attacks
on Tor users, ssl stripping or otherwise, please report them. I believe
that we are up to date and have responded to all reports.

That said, there is definitely the uncertainty of "I wonder if those
OVH relays are attacking users -- they are run by people I don't know,
though there is no evidence that they are." We learned from this case
that making people list and answer an email address didn't slow them down.

I still think that long term the answer is that we need to shift the
Tor network toward a group of relay operators that know each other --
transparency, community, relationships, all of those things that are
costly to do but also costly to attack:
https://gitlab.torproject.org/tpo/metrics/relay-search/-/issues/40001
https://lists.torproject.org/pipermail/tor-relays/2020-July/018656.html
https://lists.torproject.org/pipermail/tor-relays/2020-July/018669.html

But the short term answer is that nobody to my knowledge has shown us
any current relays that are doing attacks.

Hope that helps,
--Roger

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
