[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Why MyFamily?



Am Sa., 22. Feb. 2020 um 15:17 Uhr schrieb nusenu <nusenu-lists@xxxxxxxxxx>:
>> - risk reduction for tor users
>> MyFamily declarations allow the tor client software to automatically
>> detect relay families when creating circuits to
>> avoid using multiple relays from the same operator in a single circuit.
>>
>
> This should not matter if the operator is not malicious

That is a big if and impossible to detect automatically.
If we accept operators to run end-to-end correlation relay groups by receiving "you can trust me" emails
you can guess what malicious actors will do next.

Of course would they do.


The only way the tor client software can detect relay groups across multiple /16 blocks automatically and at scale
is currently by MyFamily declaration.
There is no "dude don't worry, you can trust me" flag.

And if there would be then this would be the worst possible solution.


> and like i already
> said an malicious operator will not use the same contact info or relay name.

We've had that already.

I know. Thats why i point that out again because now i am somehow affected too and can better understand what they mean with that sentence.


> But as long as my family is still a small

It is rather hard, time consuming and error prone
to asses group sizes without proper MyFamily declarations.

I am the operator of my relays so if i for whatever reason decide to not publish that i run a bigger family then this should be my own decision.

If the torproject needs these information urgently they need to force it for example with a relay registration or should find a better soultion which is not depending on a trust level.



> I think MyFamily greatly fails in trying to solve a problem

I agree, but it is currently the only option how operators can tell tor clients
about their relay group in an automated way.

To summarize:

Multiple recommendations (with and without configuration management)
have been pointed out to practically solve the hassle of MyFamily across multiple relays with a growing group of relays
without requiring to mess with all torrc files manually whenever a new relay gets added to a group.

Understood.


Using one of them should be in the interest of relay operators to help protect tor users
(and indirectly help with malicious relay detection).

Not proposing relays of honest operators for removal should be in the interest of all to help protect tor users but an opt-in solution for MyFamily which gets forced by random people on a public tor-bad-relays mailinglist is not the right way in my opinion because obviously at least in my case these people might lack information.
I understand that this is only obvious for me but then these people should think twice before they propose relays for removal.


_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays