[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] seized relays reported for blacklisting?



On Sat, May 20, 2017 at 04:01:04AM +0200, Tobias Sachs wrote:
> any idea how to avoid the guard flag at this time?
> My only idea is to trottle down the speed but this is a bad solution imho.

I don't think there's an easy way.

If you set "DirCache 0" in your torrc file, then you will still get
the Guard flag, but you'll lose the V2Dir flag, which will make clients
running 0.3.0.x and later decide that you're not usable as a Guard.

But the stable Tor Browser releases still ship Tor 0.2.9.x, which
is willing to use Guards that don't have the V2Dir flag.

One answer that is still crummy but is less crummy than throttling
is to give the relay some downtime every so often, so its
weighted-fractional-uptime doesn't look attractive, so the authorities
won't give it the Guard flag. You could compensate for the downtime by
running two relays, and swapping between them.

But that's a lot of work. What is your goal here? If the goal is to avoid
running a thing on the Internet that scared incompetent cops might try
to mess with, then I would be tempted to argue that you'll have better
success (albeit maybe still not much) fixing the cops.

(Or empowering and educating the ISPs, and/or choosing hosting at an
ISP that is already empowered and educated. Maybe the people at OVH
would have some statement like "I could do nothing, they were cops",
but there are plenty of things they could have chosen to do to help
everybody understand what's going on, then and in the future. Or maybe
they did these things? It's hard to know from the outside.)

In this particular case, it looks like a bunch of people who don't
understand the Internet went berserk in response to Wannacry, and it also
looks like they're done going berserk in this particular case. It's hard
to know how to extrapolate from this one data point, but I would hope it
will be a good long while until some other situation like this, and also
there's nothing to say it will necessarily happen at OVH again next time.

Oh, and while I have your attention: if anybody wants to do some
historical Tor directory data mining, so we can make it less scary when
bad guys steal your relay identity key, check out
https://trac.torproject.org/projects/tor/ticket/22308
"Consider resetting wfu/mtbf/tk values for relays when they switch IP
addresses"

--Roger

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays