
Re: [tor-relays] >23% Tor exit relay capacity found to be malicious - call for support for proposal to limit large scale attacks



On 09.07.2020 00:20, Jonas wrote:

> If you can detect the "bad relays", why not simply flag them and move on?

I agree with you on publicizing bad relays and locking them faster. Personally, I blocked some exits in my Tor browser. E.g. these expensive high bandwidth (unnamed & without mail contact)
https://metrics.torproject.org/rs.html#toprelays

> A few concerns about the proposed plans. Putting a validated email
> address in a public field is a concern. It becomes trivial to scrape
> the address and spam the relay operator. Personally, this is a problem
> for now (2,500 spam emails in the past week).

However, the validation email address only needs to be available for a short time. Many providers require that you have an abuse address for an exit server. I have my email not obfuscated and hardly get any spam. And when I get some, I will change it. ;-) https://metrics.torproject.org/rs.html#search/TorOrDie4privacyNET
(greylisting, amavisd & spamassassin can help)

> Requiring PGP/GPG is silly. It is a failed system and is easily exploited
> to find all connections in a social network map. Even the US EFF wants
> you to stop using it[1]. The system was exploitable for a
> decade before users noticed.

PGP/GPG should be used here for verification, not for encryption. Every Debian or GitHub package is GPG signed.

> With this scenario, we are all a single legal request away from
> a government agency having all of this data. I understand the USA and
> EU abuses this system constantly with secret requests. Police and
> intelligence agencies already have thousands of idle shelf companies
> waiting to be used.

I am sure that they have direct access to DNS Whois address owner. And the address lists of large providers (Hetzner, OVH and Online S.a.s) will have had them for a long time. Old rule: 'follow the money'. Anyone who does not use Monero to pay for their servers @ provider is known to them. Combating terrorism and child pornography makes it possible. They don't have to come to the Tor Project office with a legal request ;-)

Tor Project has had my address and bank details for a long time.
The people from the CCCCologne know where I live anyway. Ah, and niftybunny too.


--
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays