[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: 25 tbreg relays in directory



Jim McClanahan wrote:
[...]
> Certainly, protecting
> the network is a priority.  Protecting "uninformed or unsuspecting"
> users gets trickier IMHO.  I'll admit this is a bit of a hot-button
> issue for me and I may have overreacted.  But I think care needs to be
> taken before cavalierly shutting something down to protect uninformed or
> unsuspecting users.  I agree with Ringo <2600denver@xxxxxxxxx> when he
> wrote (at Tue, 30 Jun 2009 00:06:01 -0400) "Remotely disabling Tor nodes
> is a slippery slope."

In my humble opinion, protecting uninformed or unsuspecting users /
relay operators should be a priority.

Numbers of relays running a particular Tor version (extracted from the
current consensus):
      1 0.1.1.19-rc
      2 0.1.1.23
      2 0.1.1.25
      2 0.1.1.26
      1 0.1.2.13
      2 0.1.2.14
      7 0.1.2.16
     20 0.1.2.17
     11 0.1.2.18
     73 0.1.2.19
      1 0.1.2.3-alpha
      1 0.1.2.9-rc
      3 0.2.0.30 (r15956)
     32 0.2.0.31 (r16744)
     23 0.2.0.32 (r17346)
     39 0.2.0.33 (r18212)
   1048 0.2.0.34 (r18423)
    411 0.2.0.35
      1 0.2.0.4-alpha
      2 0.2.0.7-alpha (r11572)
      1 0.2.1.10-alpha (r17969)
      9 0.2.1.11-alpha (r18192)
     10 0.2.1.12-alpha (r18423)
      1 0.2.1.13-alpha-dev (r19091)
      2 0.2.1.13-alpha-dev (r19200)
      1 0.2.1.13-alpha-dev (r19220)
     11 0.2.1.13-alpha (r18828)
     29 0.2.1.14-rc (r19307)
      1 0.2.1.14-rc (r19364)
      1 0.2.1.14-rc (r19715)
      1 0.2.1.14-rc (r19870)
     40 0.2.1.15-rc
    100 0.2.1.16-rc
      8 0.2.1.2-alpha (r15383)
      2 0.2.1.7-alpha (r17216)
     17 0.2.2.0-alpha-dev
Just remove all relays from the directory that are running old versions
and only keep 0.2.0.34, 0.2.0.35, 0.2.1.15-rc, 0.2.1.16-rc and maybe
0.2.2.0 listed. You'll only lose about 300 relays, so no big loss.
A relay operator should be able to keep his Tor updated. If he doesn't,
chances are that his machine will be compromised. That's bad for him.
It's also bad for the Tor users (and their anonymity), because some
entity might be able to compromise a large number of Tor relays.

Relays that are running without the PC owner knowing about it should
also be removed. The PC owner might get into trouble with his ISP or
government and the relay also has a higher risk of being compromised.