[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: perfect-privacy.com, Family specifications, etc.
- To: or-talk@xxxxxxxxxxxxx
- Subject: Re: perfect-privacy.com, Family specifications, etc.
- From: CyberRax <cyberrax@xxxxxxxxx>
- Date: Sun, 16 May 2010 23:04:00 -0700 (PDT)
- Delivered-to: archiver@xxxxxxxx
- Delivered-to: or-talk-outgoing@xxxxxxxx
- Delivered-to: or-talk@xxxxxxxx
- Delivery-date: Mon, 17 May 2010 02:04:09 -0400
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1274076241; bh=cgnB2tRF/koBeNrO/hO9sFrBkkKMjEaiR7vGNkpjd3I=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=LIqOinwuMb8NImRpm/C2oio01AAzCWMArJ6R6TAbkMHa9E9eySRyvggciaCYFsK2oncbJ8bs00DyijaCtF1O1sUx7T6fkzMzUWoizArDtLY5xotcGWC8sklZz5hginPMMtcOCYCJDQdBE3LHdaFvCDVZh48V6sJMTYONL4djOyM=
- Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=bO8bui0BfFo8ZrCXpmW5WyqyGoX81HDOyns0zEdr8NkYNFxPsGk87XBDAa4cYkB8aIz7T2VghZ6NDXYjZ/6oPo0uxxqOqwVujckyRAqumRghX8TpDufcJfGxmRYRMym9ywSgCWvnaPbamNKYGLeQ1qyMrXNz/7bv7N6AaoTDk4A=;
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
> > While some of them appear to be guards, none is running as an
> > exit node, so this should not be possible.
> Thanks for pointing that out, Paolo. I had missed that. However,
> it should not be possible to get more than one of them in any given
> circuit route, but because they are not grouped into a single Family,
> a circuit could consist of all nodes except the exit node being
> perfect-privacy.com's nodes.
For most users it would suffice if all PerfectPrivacy nodes would
loose their Guard flag (which for those who haven't explicitly set
"UseEntryGuards 0" in their TORRC would mean that PerfectPrivacy
servers would act the way they seems to be set up - as middle-relays).
As far as I can tell the main problem are the German relays which
list other family members as PPrivGermanyX, while the servers themselves
use the names PPrivComGermanyX. So it would be enough if servers
PPrivComGermany2 - PPrivComGermany5 would become invalid.
The exact definition of "family" seems somewhat foggy in the
documentation. The Tor manual says "controlled or administered by
a group or organization identical or similar to that of the other
servers" which to me reads "is run by the same people", while the
TorFAQ starts with "don't run more than a few dozen on the same
network" which seems to indicate that the physical network is what
defines a family (which seems to be how the PerfectPiracy folks are
defining it). It's only the last line of that section which says "You
should set MyFamily if you have administrative control of the computers
or of their network". Seems like an optional thing to me rather than a
requirement.
Personally I have mixed feelings about disabling a whole node-family
just to send a message. Sure, it'll probably work and definitely would
help Tor's security, but it'd also be bad for the networks throughput
and punish the relay operators for something that doesn't seem to have
been explicitly said out loud.
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/