[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Recent rejection of relays



1. Asking all relay operators to list their email addresses in the public relay list is largely equivalent to asking them to invite tens of thousands of spam emails into their inboxes and having to either ignore most of them or set up aggressive filtering rules which can easily bounce legitimate messages. This also opens up a convenient channel for "adversaries" to harass or even coerce the relay operators.
Contact info isn’t limited to email. CIISS currently allows⁽¹⁾ even a Twitter account or an XMPP JID, and in required fields you may provide a home page URL instead of a plain email.

However, email addresses exposed that was see nearly no spam. While I see the issue and I am happy there are other options, in the current state of affairs I am less concerned about publishing the email address in my ContactInfo than revealing it in this particular message. Neither is very attractive to spammers, but the latter may trigger some people to spam me to just prove how wrong I am.

2. Middle relays can be used for attacking and the only defense being "list your email addresses or else we'll kick you out" throws a sizable wretch into the credibility and technical soundness of the whole project. If the "adversaries" are capable of de-anonymize tor users by simply running a middle relay that by design knows neither the real sources nor the real destinations of the traffic through it, I wonder how hard would it be for them to set up an email address?
You are assuming those are adversaries, who do that intentionally. Instead of nodes being misconfigured and their operators not reachable to resolve the issues.

For adversaries it is a noticeable cost. Deploying 500 nodes is cheap and automatic. Hiring people, to respond to email in a manner that doesn’t instantly reveal they are call center drones, is having neither of those properties.
____
⁽¹⁾ https://nusenu.github.io/ContactInfo-Information-Sharing-Specification/

Attachment: OpenPGP_signature
Description: OpenPGP digital signature

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays