Re: [tor-relays] >23% Tor exit relay capacity found to be malicious - call for support for proposal to limit large scale attacks

[lists@xxxxxxxxxxxxxxx]

On 09.07.2020 00:20, Jonas wrote:

> If you can detect the "bad relays", why not simply flag them and move 
> on?
I agree with you for publicizing bad relays and locking them faster. 
Personally, I blocked some exits in my Tor browser. E.g. these expensive 
high bandwith (unnamed & without mail contact)
https://metrics.torproject.org/rs.html#toprelays

> A few concerns about the proposed plans. Putting a validated email
> address in a public field is a concern. It becomes trivial to scrape
> the address and spam the relay operator. Personally, this is a problem
> for now (2,500 spam emails in the past week).

However, the validation email address only needs to be available for a 
short time.
Many providers require that you have an abuse address for an exit 
server. I have my email not obfuscated and hardly get any spam.
And when I get some, I will change it. ;-) 
https://metrics.torproject.org/rs.html#search/TorOrDie4privacyNET
(greylisting, amavisd & spamassassin can help)

> Require PGP/GPG is silly. It is a failed system and is easily exploited 
> to find all connections in a social network map. Even the US EFF wants 
> you to stop using it[1]. The system was exploitable for a > decade 
> before users noticed.

PGP/GPG should be used here for verification, not for encryption. Every 
Debian or Githup package is GPG signed.

> With this scenario, we are all a single legal request away from
> a government agency having all of this data. I understand the USA and
> EU abuses this system constantly with secret requests. Police and
> intelligence agencies already have thousands of idle shelf companies
> waiting to be used.

I am sure that they have direct access to DNS Whois address owner. And 
the address lists of large providers (Hetzner, OVH and Online S.a.s) 
will have had them for a long time.
Old rule: 'follow the money'. Anyone who does not use Monero to pay for 
their servers @ provider is known to them. Combating terrorism and child 
pornography makes it possible.
They don't have to come to the Tor Project office with a legal request 
;-)

Tor Project has my address and bank details for a long time.
The people from the CCCCologne know where I live anyway. Ah, and 
niftybunny too.


--
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays