[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Why MyFamily?



>> - risk reduction for tor users
>> MyFamily declarations allow the tor client software to automatically
>> detect relay families when creating circuits to
>> avoid using multiple relays from the same operator in a single circuit.
>>
> 
> This should not matter if the operator is not malicious 

That is a big if and impossible to detect automatically.
If we accept operators to run end-to-end correlation relay groups by receiving "you can trust me" emails
you can guess what malicious actors will do next.

The only way the tor client software can detect relay groups across multiple /16 blocks automatically and at scale 
is currently by MyFamily declaration.
There is no "dude don't worry, you can trust me" flag.

> and like i already
> said an malicious operator will not use the same contact info or relay name.

We've had that already.

> But as long as my family is still a small 

It is rather hard, time consuming and error prone
to asses group sizes without proper MyFamily declarations.


> I think MyFamily greatly fails in trying to solve a problem 

I agree, but it is currently the only option how operators can tell tor clients
about their relay group in an automated way. 

To summarize:

Multiple recommendations (with and without configuration management) 
have been pointed out to practically solve the hassle of MyFamily across multiple relays with a growing group of relays
without requiring to mess with all torrc files manually whenever a new relay gets added to a group.

Using one of them should be in the interest of relay operators to help protect tor users
(and indirectly help with malicious relay detection).

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays