[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-relays] Re: Netscan Hetzner

To: forest-relay-contact@xxxxxxxxxxxxx
Subject: [tor-relays] Re: Netscan Hetzner
From: Tor at 1AEO via tor-relays <tor-relays@xxxxxxxxxxxxxxxxxxxx>
Date: Mon, 29 Dec 2025 08:48:49 +0000
Cc: tor-relays@xxxxxxxxxxxxxxxxxxxx
Feedback-id: 134967009:user:proton
In-reply-to: <176699776384.3409394.4907141681125611197@lists-01.torproject.org>
List-id: "support and questions about running Tor relays (exit, non-exit, bridge)" <tor-relays.lists.torproject.org>
References: <424445af-eb41-27d9-ef61-3508a64d3251@wcbsecurity.com> <176699776384.3409394.4907141681125611197@lists-01.torproject.org>
Reply-to: Tor at 1AEO <tor@xxxxxxxx>

The concern is how flow-level telemetry is interpreted and what it can expose when applied to Tor traffic.

NetFlow-style data is not neutral from a privacy perspective. While it doesn’t include payloads, it does expose timing, fan-out, retry behavior, and correlation patterns. When retained or disclosed — intentionally or otherwise — that metadata can reveal Tor traffic characteristics and failure-mode behavior that would not exist at all if such flow data were not collected.

So the issue isn’t that NetFlow exists, but that:

It enables misclassification of normal Tor reconnection behavior during outages, and

It creates an additional metadata surface that can be analyzed or requested.

For context, we don't log traffic and don't run NetFlow.

Relay count alone is a limited indicator of concentration risk. Concentration risk is modeled via families (looking forward to "Happy Families"!) and weighting, and the Network Health team actively vets large operators.

Best,
Tor at 1AEO

On Monday, December 29th, 2025 at 12:43 AM, forest-relay-contact--- via tor-relays <tor-relays@xxxxxxxxxxxxxxxxxxxx> wrote:

> 

> 

> Hello.
> 

> Chris Enkidu-6 wrote:
> 

> > As for your other claim, I decided to do a relay search. Out of over
> > 9400 Tor relays 407 of them are operated out of Hetzner (As24940). You
> > as a single Tor operator control around 750 relays give or take. Which
> > one would you say is a bigger security risk?
> 

> 

> To be fair, a relay operator running hundreds of relays is less likely
> to be a risk because they are less likely to be monitoring or exporting
> traffic flows. That's not to say that monitoring traffic flows is bad,
> but if someone came up to a relay operator and said "hey, send us highly
> detailed traffic statistics and metadata and some money and we'll alert
> you if we detect anything suspicious", the operator is more likely to
> report the offer here than to sign a contract and call it good business
> sense.
> 

> Ability to correlate traffic != willingness to engage in activities that
> would make traffic correlation feasible.
> 

> Regards,
> forest

Attachment: publickey - tor@1aeo.com - 0x9288289B.asc
Description: application/pgp-keys

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
tor-relays mailing list -- tor-relays@xxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to tor-relays-leave@xxxxxxxxxxxxxxxxxxxx

Follow-Ups:
- [tor-relays] Re: Netscan Hetzner
  - From: forest-relay-contact--- via tor-relays

References:
- [tor-relays] Re: Netscan Hetzner
  - From: Chris Enkidu-6 via tor-relays
- [tor-relays] Re: Netscan Hetzner
  - From: forest-relay-contact--- via tor-relays

Prev by Author: [tor-relays] Re: Netscan Hetzner
Next by Author: [tor-relays] Re: Netscan Hetzner
Previous by thread: [tor-relays] Re: Netscan Hetzner
Next by thread: [tor-relays] Re: Netscan Hetzner
Index(es):
- Author
- Thread