[tor-relays] Guidelines and processes for our bad relay work
- To: tor-relays@xxxxxxxxxxxxxxxxxxxx
- Subject: [tor-relays] Guidelines and processes for our bad relay work
- From: Georg Koppen <gk@xxxxxxxxxxxxxx>
- Date: Wed, 8 Apr 2020 10:06:40 +0200
- List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
- List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
Hello!
There has been some confusion among relay operators about how we deal
with bad relays and who is actually making decisions and how the overall
process is working. Even though we don't have a document yet to point to
for answering all those questions (more on that below) we thought it
could be useful to give a status update to the relay community and
outline possible next steps.
One of the tasks in the network health area is to make sure bad
relays are found and excluded from the network. This should happen
according to transparent criteria which help relay operators to
understand both expectations and processes. Ideally, a document
containing those criteria would give operators some insight into how we
arrived at those as well.
Unfortunately and as I said above, we are not at a point yet where we
have written up that document. However, that does not mean that removing
relays from the network is arbitrary currently. Rather, we have some
rules of thumb and some unwritten guidelines which still seem to be
worth sharing at this point to help relay operators better understand
what is going on in the bad relay detection world.
A bad relay is one that either doesn't work properly or tampers with
users' connections. This can be either through maliciousness or
misconfiguration. We are relying on some scanners that check for common
issues to find those relays and on volunteers that spot things beyond
what our scanners target.
To give you some examples of issues we are concerned about:
a) Tampering with exit traffic
b) Running HSDirs that harvest and probe .onion addresses
c) Issues with resolving DNS queries on exit relays
d) Flooding the network with relays to deanonymize users
e) Running outdated Tor versions
...
Now, how do we detect maliciousness vs. misconfiguration and what do we
do about both?
There is behavior that we think is clearly malicious like tampering with
exit traffic or trying to harvest and probe .onion addresses. In those
cases we outright reject relays. In the past we thought relays that
tampered with exit traffic could still be useful as non-exit relays and
they got the BadExit flag. But it turned out that a bunch of those had
other, more subtle, misbehavior and thus we decided to be on the safe
side and just reject those malicious relays nowadays.
For behavior that could either be malicious or the result of a
misconfiguration (like missing MyFamily settings) things get messier.
Means for contacting relay operators (e.g. a meaningful ContactInfo
entry) are very important in cases where misconfiguration can play a
role. We usually contact operators in that case (if possible) to figure
out what is going on and help them get their configurations right.
That means there is no outright force removal of relays that e.g. did
not have their MyFamily configuration set up properly (we know it can be
tricky). That approach is successful in a lot of cases and helps us
build a relationship with operators which is worthwhile as well. However,
in cases where we don't get a reaction or are getting confident that the
intentions of the operator are malicious we'll reject the relay(s) to
protect our users.
All those activities mentioned above are coordinated on the bad-relays
list, which is private and used by members of the team to discuss cases
and keep each other in the loop.
As to next steps: yes, we need to sit down and finish that document with
all the criteria we are concerned with, giving some rationale for each of
them. Alas, there is no timeframe for getting this work done. But once
we are there we'll consult tor-internal and the tor-relays list for
input and make changes as needed.
I hope this helps to clear some things up. I am happy to answer
questions/reply to concerns on and off-list should there be some.
Georg