Thanks for this email.

> Two common Tor network abuses are:
>
> a) Bad exit nodes sniffing and messing around with client traffic.
>
> b) Bad HSDir nodes. The hidden service hash ring is a particularly juicy
> target, since participating relays get to see the addresses of onion
> services when they publish their descriptors.

I hoped tor directory authorities would care [1] about tor relay groups with end-to-end capabilities as much as about HSDirs.

https://raw.githubusercontent.com/ornetstats/stats/master/o/potentially_dangerous_relaygroups.txt
(this list is truncated)
(even though they might not be intentionally malicious; yes contactinfo can be arbitrarily forged)

I think an actual step to help protect tor users and to improve the current situation is to implement proposal 242 (better families) [2] followed by a stricter enforcement of it by dir auths (unlikely to happen).

Proposal 242 reduces the burden from tor relay ops when running more than one relay and hopefully decreases the number of undeclared families that put users at risk because they potentially see traffic entering _and_ leaving the tor network (which breaks the assumption that not every relay in a circuit is operated by the same operator).

Even with prop 242 available in a released tor version its usefulness depends on the actual adoption by relay ops, something that is hard to predict, but implementing prop242 certainly scales better than contacting every tor relay operator that does not set MyFamily (properly).

[1] protecting users from known relay groups with end-to-end correlation capabilities
https://lists.torproject.org/pipermail/tor-dev/2016-December/011714.html

[2] https://gitweb.torproject.org/torspec.git/tree/proposals/242-better-families.txt
https://trac.torproject.org/projects/tor/ticket/5565
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk