[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] State of bad relays (March 2017)

Thanks for this email.

> Two common Tor network abuses are:
> a) Bad exit nodes sniffing and messing around with client traffic.
> b) Bad HSDir nodes. The hidden service hash ring is a particularly juicy
>    target, since participating relays get to see the addresses of onion
>    services when they publish their descriptors.

I hoped tor directory authorities would care [1] about tor relay groups
with end-to-end capabilities as much as about HSDirs.

(this list is truncated)

(even though they might not be intentionally malicious;
yes contactinfo can be arbitrarily forged)

I think an actual step to help protect tor users and to improve the
current situation is to implement proposal 242 (better families) [2]
followed by a stricter enforcement of it by dir auths (unlikely to happen).
Proposal 242 reduces the burden from tor relay ops when running more
than one relay and hopefully decreases the number of undeclared families
that put users at risk because they potentially see traffic entering
_and_ leaving the tor network (which breaks the assumption that not
every relay in a circuit is operated by the same operator).

Even with prop 242 available in a released tor version its usefulness
depends on the actual adoption by relay ops, something that is hard to
but implementing prop242 certainly scales better than contacting every
tor relay operator that does not set MyFamily (properly).

protecting users from known relay groups with end-to-end correlation


Attachment: signature.asc
Description: OpenPGP digital signature

tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to