[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Recent rejection of relays



Gus,

I have to agree with z-relay on these points.

I won't even provide an obfuscated contact email in my torrc to avoid spam. I could setup a dedicated email for Tor operation, but I'd likely find my relays down prior to checking it.

Case in point... When registering a domain name, I've gotten to the point where I use a disposable phone number and email address, due to the amount of spam generated from such a transaction.

Presently, I like how Tor notifies me of any issues with my configuration in the torlog and provides recommendations on how to remedy them.

I believe you will find that asking for operators to provide contact address information for an anonymizing service will always be a struggle–it's the nature of the service and those that subscribe to it.

BTW... My ISP does have my contact/billing information, but doesn't require it be publish publicly.

Respectfully,


Gary

This Message Originated by the Sun.
iBigBlue 63W Solar Array (~12 Hour Charge)
+ 2 x Charmast 26800mAh Power Banks
= iPhone XS Max 512GB (~2 Weeks Charged)


On Thursday, November 11, 2021, 5:59:45 AM PST, gus <gus@xxxxxxxxxxxxxx> wrote:


Hi,

On Wed, Nov 10, 2021 at 09:14:58PM +0000, z-relay--- via tor-relays wrote:
> I'll throw in my 2 cents.
>
> Limitations with current approach:
>
> 1. Asking all relay operators to list their email addresses in the public relay list is largely equivalent to asking them to invite tens of thousands of spam emails into their inboxes and having to either ignore most of them or set up aggressive filtering rules which can easily bounce legitimate messages.


I'm running relays and spam is not an issue. It's a pain if you're
running exit nodes, then you will get abuse notifications from your ISP.

And if spam is an issue for you, you could manage that using GitLab
Service Desk feature, for example:
https://docs.gitlab.com/ee/user/project/service_desk.html

>This also opens up a convenient channel for "adversaries" to harass or even coerce the relay operators.

Actually, that would be quite stupid from their part to do that... by
email. Anyway, if that happens, contact us.

Anyway, my question is:

Why your ISP can contact you, but the Tor Community can't have
an easy way to reach out to an operator?

> 2. Middle relays can be used for attacking and the only defense being "list your email addresses or else we'll kick you out" throws a sizable wretch into the credibility and technical soundness of the whole project. If the "adversaries" are capable of de-anonymize tor users by simply running a middle relay that by design knows neither the real sources nor the real destinations of the traffic through it, I wonder how hard would it be for them to set up an email address?
>
> Some suggestions to consider:
>
> 1. Since the DAs and the relays already know each others' IP addresses and public ID keys. Perhaps tor can add a feature where the DAs can send authenticated and encrypted short messages to the relays, which can then verify the messages and log them in syslog or log files as configured in torrc.
>
> The messages can be something along the lines of "Your relay is misconfigured in ABC ways, please do XYZ to fix it. Contact our help desk at ***@torproject.org if you have questions or need further assistance.".
>
> 2. As a stop term solution before this feature can be implemented would be listing all the misconfigured relays on a page hosted by torproject.org, and make the page easy to discover by linking to it on relay help pages. Same idea here, I'm sure many are happy to reach out for instructions to correct any misconfigurations, but that does not mean all of us are excited about publishing an email address in a public list, nor it is technically necessary.
>

Thanks for your suggestion. But, in my experience, unrecommended relays
are already listed on Metrics page and operators didn't act/notice until
we got in touch and asked them to upgrade.

Gus


> ________________________________
> From: Georg Koppen 'gk at torproject.org' <z-relay+tor-relays=lists.torproject.org@xxxxxxxxxxxxxxxxxxxxxxx>
> Sent: Wednesday, November 10, 2021 6:40 PM
> To: z-relay@xxxxxxxxxxxxxxxxxxxxxxx <z-relay@xxxxxxxxxxxxxxxxxxxxxxx>
> Subject: Re: [tor-relays] Recent rejection of relays
>
>
> Jonas via tor-relays:
> > Where is this criteria documented?
>
> I am not sure what criteria you mean but we have our bad-relay
> criteria[1] documented at our wiki and keep fingerprints we reject due
> to attacks we noticed there as well[2].
>
> > It seems the tor project, or its designated volunteers, are increasing controlling and managing the network. In the Swiss Federation and EU this turns the tor project into an "online service provider" or "online platform" and subjects one to all sorts of regulations and compliance regimes.
> >
> > We already get enough requests from the police regarding relays hosted in our datacenters. Shall we point them at tor as the network operator?
>
> The Tor Project is not running the network. It's comprised of relays run
> mostly by volunteers. I am actually not really sure either what you are
> proposing to be honest. Shall we just keep the relays attacking our
> users in the network instead?
>
> Georg
>
> [snip]
>
> [1]
> https://gitlab.torproject.org/tpo/network-health/team/-/wikis/Criteria-for-rejecting-bad-relays
> [2]
> https://gitlab.torproject.org/tpo/network-health/team/-/wikis/Rejected-fingerprints-found-in-attacks
>
> >
> > ---------- Original Message ----------
> > On Wed, November 10, 2021 at 8:59 AM,  Georg Koppen<gk@xxxxxxxxxxxxxx> wrote:
> > Hello everyone!
> >
> > Some of you might have noticed that there is a visible drop of relays on
> > our consensus-health website.[1] The reason for that is that we kicked
> > roughly 600 non-exit relays out of the network yesterday. In fact, only
> > a small fraction of them had the guard flag, so the vast majority were
> > middle-only relays. We don't have any evidence that these relays were
> > doing any attack, but there are attacks possible which relays could
> > perform from the middle position. Therefore, we decided we'd remove
> > those relays for our users' safety sake.
> > _______________________________________________
> > tor-relays mailing list
> > tor-relays@xxxxxxxxxxxxxxxxxxxx
> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> >
>
>
>
>

> _______________________________________________
> tor-relays mailing list
> tor-relays@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays



--
The Tor Project

Community Team Lead

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays