xmrk2 via tor-relays wrote:
> Any ideas on how to combat this? I was thinking about including some
> false positives in tor relay list. Imagine including some Google
> servers' IP addresses - Comcast customers suddenly cannot connect to
> Google, unless Comcast stops this blocking... or simply whitelists
> Google. But those false positives sound ugly and a bit malicious, not
> sure it is a good idea.

This sucks big time, if true. I am trying to ping Comcast from a
middle relay IP address and it seems to work. I guess you mean
AS33651 - Comcast Cable LLC. Anyway, it could be; in the latest
consensus there is not a single relay (middle or exit) hosted in AS33651.
I am not sure about the false positive solution, I see only downsides,
including but not limited to:
- it's not ethical for Tor Project to do this, e.g. stating another
company's infrastructure (say Google IP address space) is part of a
network when in fact it's not. I get it that the goal is privacy
oriented and in good faith (freedom faith) but it seems rather
inappropriate;
- there is no evidence that a blocker might use a list of relays
provided by Tor Project's metrics portal (I am confident nobody does
it because it's less effective) - they can just run a Tor client and
get a copy of a consensus and extract from there IP:PORT IPv6:PORT and
do from there whatever they please;
- if you include such false positives in the consensus you have to
simulate dummy Tor relays on those "hot" IP addresses, like providing
an onion key, RSA identity and ed25519 identity, thus looking like a
relay, state some bandwidth for it, etc - in this case how will a Tor
client know which relay is dummy and which not, in order not to try to
establish circuits that fail, ultimately producing a terrible user
experience for all users. Same applies for other relays, not just
clients, that need to produce connections with the dummy relays. If we
somehow mark them as "dummy", it will be pretty stupid and obvious and
a waste of effort as the blocker can simply understand the "dummy"
marker and it's done, I guess it's pretty obvious.

> I already wrote about this publicly, and also wrote a mail to EFF.
> Hope I am not spamming, I feel this is quite an important issue and am a
> bit frustrated by the lack of attention it gets.

Not at all, this is very interesting and not spamming at all. I think
it is unacceptable for this to happen, and I think all Comcast
customers should quit if this is true - large internet corporations
are trying to move on from "IP address identifications" as in only a
beginner that discovered the internet one week ago still thinks of the
IP address as "identification of a certain individual / entity",
everybody is moving to advanced layers of authentication on a per-device
basis, cryptographic public key, etc. If Comcast does such a thing,
they set themselves 25 years behind the industry they operate in. And
this can create many unwanted effects, someone should try to do
something about this but I am not sure what we Tor volunteers *can* do
to help with this, especially the ones that are not Comcast customers.
EFF is the best start IMO.