[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-relays] Malicious Tor relays - post-analysis after two months
- To: tor-relays@xxxxxxxxxxxxxxxxxxxx
- Subject: Re: [tor-relays] Malicious Tor relays - post-analysis after two months
- From: Mike Perry <mikeperry@xxxxxxxxxxxxxx>
- Date: Tue, 6 Oct 2020 08:23:15 -0500
- Autocrypt: addr=mikeperry@xxxxxxxxxxxxxx; keydata= mQQNBFIvu6sBIADC1JsxXSWd1k+cHamS0L5/dfcGQ3AaVbTAM+82JEO5drL3E5xD9nO2KujN IRqYClCt395S9zIZuMPTo+r5UtKQhP3g+ZxxTuZeYu0pH/7iewyE477oQzkPp04rwmMpmPxv gov9jVmtshoVu1ae+IgIr0AvcIApIcUy7q4+yT9TJwVrvF/YxJ+rUIVIZc2MkisxmSaE4q45 w0kUYxnCW0FUiO7T6G1cfRhTnLv0NipfOnpKnqm1PEwZKru7JiopuSPK1gRpdsOzGSVk8OFm uojFkl4rymA1T+HOEEA7xyD8ZDpuedGtu0JM3GFS29/4f6qoEBTQNV2OaSKB89a4KI+BFwVe 9XuLEqaeYUd2RPnQhanTWPO0s3+K5ccn2TnV8HBEGKJgU7EKuWy++k2Svspt2oAqPip6GKrh P66i40p1mcKjcVywVB7NmyR1pse/yKInzmuuuD6csFbOnPCUYVwPyyjEC5IpqZe5hPszPL1X XUwipxk/pDyDI5KzKYJxR+wuPTY9YV3tHWE9FyZDHFYOHgpQVDxlyiBxDVUHeI6hu39WzUN3 yYAssaRz9GaqQEjp0iN++X2BMmmgjkBrHSHpN7mbjtf84hMilQ7McWOeQKudedE1/z65TheU tiYS60Ybq4FIv9FOrHJt/pzHPzuv7jcdOlsLl6SbWkwwS1y+GmMRpND58ZeJMTStHcZhWxxu 9DC4fNsTEPHO44yxaIdJYkasawcf87gPSYrqeUJP/1xJDwdzzPY6wbfXQJg7w5j8qlQ7lomR uU384szOvjaN9QIboR6zvxPVZcGcUX40BVQOlglHqBIchVQQ2vROs2wkvV9qSfnauBKf8dM/ LKUgQvoNCSHqkmS+siOij19moclsvH7xRgfft3WhMapygCBNFNLRqw5iXJwlWQZ4mvwbro3K WelWzm5FqQdCfP2fMA5n53bCcOS308KllDAFK/Ljnm938PEyh4rNA9eyEazCA9WCuE+zEeIM gQPr1K/lFgGldftL7oWAtfCae+jYWyXS+1zAxEQ3QGqHLmUDYumzc30paHaGeapldkcySOc9 SLWDdpvH0V91vU17WeytQD9pGBUNURc+/v1ZNG7fRm+Ulp6K0i/eh/3rKWybx8aanu3YvcNP Uyom/CA5gBmzIATlhD8vpc95YQpV+Jv4TN4crD0EIUZDzzv1Eg5Pix8qk4R4jZ81oVvvqlOA FYq96SyPWGUL5mAMrGD+RSmzLpTNH8LUEIQ7RosFQjcHNFzF6sPuG7HR03R/aNdexFqfjsK/ qntSk+vL0jtu++lp18U6UFxbHQVr32vxFybNJwAZCmK8K+Ur2kezKkWqcQrV9jXNA4IAz+H+ KPRi2+T3Jss5ABEBAAG0N01pa2UgUGVycnkgKFJlZ3VsYXIgdXNlIGtleSkgPG1pa2VwZXJy eUB0b3Jwcm9qZWN0Lm9yZz6JBDgEEwECACIFAlIvu6sCGwMGCwkIBwMCBhUIAgkKCwQWAgMB Ah4BAheAAAoJECmEazxoNobMCM8f/iLOQEZk362/aUixdi/BBli1dTNjzQBU61lt4xo2U9UO CiR5o3tcON4eLboUNt/H9VNFGgc3udwtG8fI3LcI+OhCPobVVbsZQO44cN8+FOx0w1iD4DOv Vhrlpar+kIO5KOpf+zo6nkfd6WxaZQXziqTVWEeQbfvmBnlLx+ea3C9xPWOVVbesYFVnRSLD WLgIo3HGhXjQBJ4dGvJULbBdQueEfZpSG7pscFITd3QX9Wk3N27CoYt66eM2YCl5vN094p7f Sn+2w0SZXYte/rqcklvSE7uH7h0K2eqdg+uwYkkq7bLXEamgbcrVZwsFNLH6zgVZtzkJJikm qSPwHq88cgclXWne+MdAjEATa5YKPfjnX83dgJZo1N2fgtqRf6ieLnhWGPdaHPENDnU2ADhG QKADXqM4h1HiY3giS66eVzYFUN0yOrL7rp8d0ePzxZLUIxJN/fdIGEIEjuWciW4i8VLlIQDU GEDs6ULYhSmc86bd3eVSpEEi562f6knj/TZelcxu3C+CHTee/961iaefd5c+Mp5bIt+VAC5Y HyZ29MUX8GXfiQdbtuJGOrrBT/V99SvyG2Rq8I+6v0oE7MeU7QBU3LzWsZfZvQ3APOFth0d4 fLqU9H/TQAt+8lK2xcHynz7I6JW8xi6iLvA+sftb7vdO0WGOaFbHfPeL7ErlVMMF8W5ed5gT BimRm0PxV19Rq56y6v8B6DoGg9u34JetQ2odUiAy2/ttqfGohYdGSzBuP5VamF25tBeTYChL gW6L6utARQtmf8Q2ONdyPzNStrv6rVj2bMwtuPurBIx727LPgaUO6ZUMo7lC59bvR2pn4vEv x2aXdqjL3dfNs5UJ1UEvx0PNELFHZ5bStpMt3fGgh8ZDgcUrzsY9ine60qR/ujCLLMrD8RmZ ezT4/v0CkF0RJ1hEW4jjCaOT/an4dVxnqIPoNc9g/msTmYHEQusGrrVx7cmjy5ph/HJe83tq hv3TUj2UYwIllKpgTP0azu9xIvVH3qAWgnHdonSJCQi5GjPN3h0Xfk/9+nywP4R1YIuMehmZ o0RQk96aPhds2C14bBykh4gtbuVewuj6GlciAtO7VZr/ZKeAaO5gph7XVC+4jxhdsTOSYDi+ uMuZ48NmkZQRTIA82O3GagTa3WYuu4JPPmSn4C6zAZMLnpXL6gLGDIQ/HlJht/X/+ZduFB3U mfnQEeqo0Y2kxgqvpX9p4oMHKw5nkOb+T1r/f5ulGX0u2z2pPobQLas6F13wRKvg78cjbVES 7BrREwl+egljA2xEh0NYjR8y8U4bpZrseisbsju3FiaVXW/YxEVaXFdIqA9chkYBn4hNmyup hfdiSwmfhxuCFeOstFwTB0Kp2AG5Ag0EXEe6fgEQAKrVAiP+shXz6sco7hR7Vc8JmqzrovjO u9A2/q1Yr7VJy8l1gNuJJ+EcpA6cKzxMnKxjFvpX3x0bov12YSm1ZpZxLTUS1YaeZLLesFFV Aj7ziXdzcQI6GyaNScDv73QyXa196CptQp+6WKK1aZVW4lU9mhhDcdduCG2hE2bmzDWdW25t 30WoCG5iO4w/Hxrw/T3ZQxgVBN1TDoHCzHUTJUh03kLg8KJn7IZjpS/KZlesZLUkh1RI8AHU DP40gKGk2X13H9agzJxtUTG7dU5TsmPaU7PJnSG37cjYjAyRHOrclz+pWmdofUA7lPqgRBYL NCk/K7dOcinzUC0AHLp9fsMvL2MhQ/rb/9XTK4I/H92z6C/6rzw5Sg7klsdgUhOJZENwV10I XKyQivU4KbgGfJBVQtjBRrzkgNqdNSLjmNcWrBSOQF83Q5fJsljyv/iEYrO5EvLi6+vdZ19a uToh2ZPRnKpvqbLnty+a1MdRdGTcZCfg2yddXz+h4vUTXQ06Ao/g4CU8akTPgjuS4rhgJaVT +6LDWxZT7uWhzgkEq4S7PCJEOlqYAPA0MMAdmZpCs9kTMSsLZDKa+3k3akHAtS1hcwSVsBjH Rox9WEEQZUm2Zx2hoJvwOHwZDGAI8UzfjTU9FoZ2plN9Gv0RiGvgsOB6PFb3ntLdeasLof4C zGK7ABEBAAGJBnIEGAEIACYWIQTJY8IdY1ZOKxC7M1sphGs8aDaGzAUCXEe6fgIbAgUJA5mI gAJACRAphGs8aDaGzMF0IAQZAQgAHRYhBPQqJYRmijjH77zXwmYN3mRe7/FWBQJcR7p+AAoJ EGYN3mRe7/FWCEUP/jHi0SxdB2uRkXBqzYOBKo/EGF/PEX688jKRJ2H8aVopbzlSmKC55zR0 oQit6x6VdBnUYCFwoK+zjTrNwwfMrW2DjgzYUZS0D6RZuarKY908N+06dTrGpasMAfiJzQzs 7ZfhKzPdspNaR2qtz7yVrmPd5vFeVCF2/8lL0Ivi/m1JJULuIErCY7X8gV1GzMZMQv0OG9oS suk4/oR3sL/+e/nqpH4hHkuYtLLIcmLL5OqPUu2+pRIxYN/6KOMsM8uB0xgiMRPti+U3Jaoy TJXrSz+m32kbhYJ1MCD6nKrkAKfsVSnFAcFPHoa5v9e/I+lCHCjvrWa/Y3ay4UZaJfwOGvMI 90dX/yvECxO2pi9U2zICErTNxxTTHbkxu8sR7lR+NPPFsr+WO4snJ4/QVXgIMMROat72hkNM sRmkG41aqdTmTlA68YlAa2LaVxrcDXzpj8ySWKz6ZlGWHnMR1Ul6S0quoMKh2jCBGCrap7KK TuhjP+YXlj8IpQ0NZzw9gDzCzgqTdgImAFpQuCQYigY5tAT3eWSnD39aKMEEqQd/tdJI2pWw LYI6qKK8B8kpyjRfQWm2Q8GrBfskwlSUmG3mZThD6ad2rCIO8HGNPgP983MZPhdOf/9Kah2u ItURUwnp/4PZ64hAUiNR8NEqYo21GUwzfQQuE3WJNY7O7hN7DH4E0dIgAKTFNZxw1kMByMUH 6hASEFEY8TiZkIrcM1hF5yY50g0gspaORca/kXx8EisRAIyAjwI8UP+bxJxZbqyupjNxwkG0 +2vOV3RDdpx74J2zZHSkl4my2D8mIDPVZM7tb+L5vUaQ9H7RIMjNRQY130wyMqNmkZDVOX9q YEBQagXkcFLm7ieQk7GRurE5KIaq9STLOr9nJWBOxgGhV95O1TNqkvcmNaLTzSXMeQiGwnvX Bw33jO+sNHHSjmNZVcglGirDvoxXL3EcIAakJUaGn0vz15Xg1fLA0B6d7IgQoPDvE1Pr6mFh f/J/KZuvq6aaeMZ1xuB+cEem8XNSt1kfmakaLIvTXDJ3z+2KDrjj2koAyStRb4vdfoVelEu9 5VLWGLJKevIMWbmXD4GhGk80zzZe8ouu67URzU6vg3/ck7MN7OGfWruV1c/U8EoDxYxsRJX1 HmMqQg08Nz9zbCFvj7iTFDFCJgJKMbVkjm/Eto1IORWAoTfsXZtOyynk1JhGcm0OtnWf4VhX SscB3PiqUEHSsbvlqxZBPa6AqKLwLLSApg9xxBOn5TMPVIqrnXAdulTf1zhZnSrMHCioJvgH lnQyemVMyjIKkODDXTIwD8SmzfurDmYuRT1XRelEEUWY79L8+5u4R0dCMB7yEU+s10aU8xb9 0IM0qxEczW0uvE1Lhx0POOAsQ3YsCkbSgLIIhqnsLYCeuFN/r3yGiP/m/s0sTJ54P1nmi62k Y2665hexM1xm4ngjo0KxpxJ6fP4w1YmaJdUt3aR/oompTcn4TMzcvJH6jCWaXsl0n/8q3AZQ 5C6CD3i41gioLWk+gNNrtqOai1cCbq1Jz7V3SYCpjLMAXag/iVndNJ0HZrGNrBvGz6L2CQdc Ql+Mnx85MmzOyJTygw6J4IvXtQIEY5w7OhrKqx3iVR0dD3N7DMbAy3nq+kBLM+CYoEWBQ6Rb UNVZi0ROl4gn8S0Fj5WRGqmfVvlTzkm6OsnoZ/2Ckas2geBNOqFY3SXKFUfnDRUkI/X7yxrQ yakAIzZ3AW0Ul44FYIBrxSPrzsxz6n2uY2Y6aytcO0KmPMQtRhVGPl+L8jKoaLkzV1TLDHVf GimcRS3gTfI1tqn1T5+tjG4MQK8KW5Tx+v/TXIe7jy1G0SyxGx5IYWRt+AuxOy/atH4y/01h 7gQWTeIjMYMMgbdYjOweUYYqdCeK46dra3Wnyy6ToVnvhRty/ln8sYM9ig6CRcXqNNzGd/hf cccClLw4CBe7WX+dEn+V3ZPuu7P8Rp39AYJd8o1fVFG2OHBKTSuPOYNz7iKtH+Y+i/1A1Vml kmO8+qHTFGH4LY8Jzp4qJnxKVTBhb34R2OEoJecp5GfHIT3Dtcu/dBW5Ag0EXEe7EwEQAMod q+H9wWcEjKkwd8KhyWoxJYwLOR0SKWLemSOtRhsEuQwi3pv9UoJBwGBKpdV9UYUvAyFf0vg4 tBI52LPsStrgmci57YuIf+SykL4BaW+mrvz8MSNsMNsuB85cCXPeHZuEZ/Zt59eLi96qXOiw RsuA5tCg/A4ldcuFQ5G0FXcV7AGALVjdsP7VkgUcgHKlqPrTP30N0QbYOWnkPUtmVZVJ5NPW DfOanVJBz8z9KOJ+vHkurG80XPJbL2fXSRrzG7VDJXX7s0dl/0aviC1WYRJpZ3FV9uK8TJiR Fl3cC2x69g9OsUcHE9AQhKhCtpNdTm9De+HUr4hM9O5PAhLA4XV/FPoOb9huMiSk0CLPXPnP vL4f7RoSZOhRVshO8jpZwUH2SaRntqVYffFbGLPyNpYdh1uFouvfEKZhMjeLq5BiATA2CARX UjVVhB24kQ0peWE/kP9JFcoA9YHn6HZUHYlhpHEWPb6dwCzs2VbQEdbMs2Wd3+VlAz3zt83C 3WDha1BrffCbquUHlh8l37gpCoFOMXLrL7+I87rbm8MJQ4KuVGN5J6sTYF25UqSVrU43HbsB p13xoYcYEhIskDVDYgipXEXwVq9AQUDhncZhl5KxQpD0Fw+MV6GASk/fVYq2BENGgXzpUN0e 5j7+EHhsI+Y+RdIU2hfvH65mm/HOQziZABEBAAGJBDwEGAEIACYWIQTJY8IdY1ZOKxC7M1sp hGs8aDaGzAUCXEe7EwIbDAUJA5mIgAAKCRAphGs8aDaGzNsrIACSf+4SpD6l2LmBUXgq60vV OWvFOgP/2SmY7p44CT5haZDZZw5w4JylXwnoKrIMe3Z7QtqBs7P7rFlFOqt1yyyb7sG6ryD1 agCoXyo5X3yqqE6mR7V7GFyxdZfCAMqMTX0oyjfxL6ByBA4FXCsl9SHEY4b8Po6jexmJCCQj Ehw3sTwNelt10cTS5iWK/ZCeQP6e31ZeR12eH1L0aTOL4FiUk3dWGs/veBT6VMICOZo1aBMz hW4+b/l9GxmDXhdaymfy3+VSqQDChf9mto2okvsz7pH7cdDS0fgJX7oBxRI/CKxl0vXFZt8K 4fM/W/dOHSzpG49SJjKKIm77DvwUk9xGKY6Uan3JmW7vp9DX4lmfQXOgRH+YLoONKeYH50Vn HGH3WW9/bxqIJQ5GiJ1G6vB7mYQRD2OAcUoh/b1WcXbY/LgKD8ul47PCrO+y+Nd/CmnYLNUW Ha44e4q9eega+KCpdq01TPbIQREBcZZBidXSe76l9kfJQoGf6Y07Xmj1f2UXQD+8m24lOrNv apKov3qzWkeaLUQ4ndeKQ3Zpfe+CcMsmqW7qjAKrke21lZSJd5rQrPv3WQNOlDsZuvnnF3qO dMKnOkoxyT2VWllv4SCu/1uSHB9ClS0Q65MccxhizRiSEdvikHwC1rEz63Djj8AYZ/iWP2/X KvLS9tm17aQ6mdyiYT7JyiTlOpXTOr/sZOoADwEWR6YJdcv5sPKQiq3i1h3t5rNiOzqxqlaq qZoeZKKUMzIFFKRMVuyyrRBLyyGfBZ72PmdYpv8eoxqpb4ZQM2ruJRm8BzKIJi0+IkKy92L2 bRecd19tekNpgcl3NtIBPDc11MgID1QUIR+yRZ3ZJjl6KyJ+Sc83DUylJ/MsahJpGxpaO69X jscxGf1dswUMgn7ATAM1y44hlNtE6hW4dao4pn7OuUWeS7wmW+60DTdCTKMKo6OO4oqK4png BAFLv6Vs/6Lz2HCt1HTpWo87Gxrmz/5d1pzB0WhdOWDTniwJ/svLYFRkQS896Ga2hYLmx7FH 077ncZyEm8714N8btKaRFKrUXiksh8Y85agV+jkBT00sh6D2TBxGGU6LuiWylsBG3Ny3gAa2 aVMO0ONDCz0xGaunzLUkgbBRJDidhSNkmyY1mfVVOI8fBc2Uv3HtFuEikik6W03eerA65jyb uzCjSUAfUbhD4W3AnbrvSKZMUX+kdgcLRuRp1PTlX6NTj2HiC6p4EDzTuoHPL14m/tC4fCHv SKrd7SJzuW1offy08qsKGy+Nho9OmvWS/NYIpLpz4jVzrjxWgCGI8gSnK54U48/F8HLc2U+v Iy12h6NEUVyIqGVd/UbkDn3Aqx67gHaqBoYM5OxeLCd5Pu5G
- Delivered-to: archiver@xxxxxxxx
- Delivery-date: Tue, 06 Oct 2020 09:23:33 -0400
- In-reply-to: <86f1c4c7-90ed-a26d-350d-3b6f60ef0521@torproject.org>
- List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
- List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
- List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
- List-post: <mailto:tor-relays@lists.torproject.org>
- List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
- List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
- References: <20200928210041.GB66837@mail.blenno.link> <v-Lefb6gnLFyOS0pg6J03DGKAmhUYKVDC8r2yRKWcnqew0XKGS7ievY0gBZ7YSFNyOOZ4BIoX3MSYP0ecbduZQ==@protonmail.internalid> <VB4WQre7UnJqicK95V3JyqrV5jB2caFDrq3WRTzre-mWTXijDrEVnjw1vb-fy6pS0QVW4h7qr-TXBi3Hwnakvg==@protonmail.conversationid> <07d5a9b7-cc3b-795d-a410-53165f63fb11@riseup.net> <ca4a189a-c448-d83f-5957-5c1c9fc63fb6@torproject.org> <INdNMJVjNPk8qwLizsDF9w3QRfejv-HjLYmUzYxGFtfdlRh5EEncfMeZqs7LIICjE04llMAuhzO4XwCGN53UeQ==@protonmail.internalid> <86f1c4c7-90ed-a26d-350d-3b6f60ef0521@torproject.org>
- Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
- Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
- User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:68.0) Gecko/20100101 Thunderbird/68.12.1
On 10/5/20 9:15 AM, Georg Koppen wrote:
> Mike Perry:
>> On 10/3/20 6:38 AM, nusenu wrote:
>>>> Me and several tor relay operator friends have questions about
>>>> Malicious Tor exit nodes. How do you define a node as malicious ?
>>>
>>> In the particular case (at least the initial detection): Traffic manipulation at the exit relays.
>>>
>>>> How bad is the situation now ?
>>>
>>> This group [1] is still rather active and at this point they run a 3 digit number
>>> of relays, but it is not the only malicious group that is active on the Tor network and
>>> might not even be the group I worry about the most.
>>>
>>> [1] https://medium.com/@nusenu/how-malicious-tor-relays-are-exploiting-users-in-2020-part-i-1097575c0cac
>>>
>>>> Is there any other risk than ssl
>>>> striping ?
>>>
>>> I think so, yes.
>>> The good thing about ssl-stripping attacks is, that it is easy
>>> to protect against and easy to detect (if you are aware). The catch is that
>>> most users are probably not aware.
>>> So when compared with all other types of attacks that malicious relays can perform,
>>> ssl-stripping is probably not the biggest worry.
>>>
>>>> After the long
>>>> discussion on the tor relay mailing list, what will be implemented as
>>>> a solution ?
>>>
>>> As far as I can see, nothing will change/be implemented in the near future
>>> at the Torproject or Tor directory authority level.
>>>
>>> for Roger's (long term) plan see:
>>> https://gitlab.torproject.org/tpo/metrics/relay-search/-/issues/40001
>>> linked from
>>> https://blog.torproject.org/bad-exit-relays-may-june-2020
>>>
>>>
>>>> * is there / will there be things
>>>> implemented as a conclusion of the "call for support for proposal to
>>>> limit large scale attacks" ?
>>>
>>> Nothing came out of that thread.
>>>
>>>> * has it been possible to prepare / set
>>>> up precautions to avoid this king of situation
>>>
>>> I don't think anything has been implemented to prevent or reduce the risk of this from reoccurring.
>>
>> Unfortunately, our OODA loops[1] on all development and funding actions
>> are devastatingly, catastrophically long. This is due in part to slow
>> funding cycles, and in part due to an internal debate over Agile vs
>> Waterfall methodology[2]. I am in the Agile camp. I believe that Agile
>> will help us respond to things like this in hours, days, or at most
>> weeks, rather than months and years.
>
> If one has folks working on the topic, maybe. But that was and is not
> the problem here. We did not have a bunch of engineers who messed up
> their Waterfall model. We had and still don't have (as of me writing
> this mail) anyone being assigned to work on that.
>
> So, Agile or whatever would not have helped us in that scenario.
The waterfall-style RFP is exactly why it took two years between our
discussions of the need for network health work, and our ability to
allocate staff to it.
To do the conception, initiation, analysis, and design, the performance
proposal probably cost the organization somewhere between $150k-$250k,
if we did a full accounting. We also relied heavily on volunteer
expertise and input.
This debate has happened many times in many industries. Here is another
example:
https://omgrfp.wordpress.com/category/omgrfp/
The Agile world is anti-dogmatic. There is no one true Agile. Here is a
model that proposes breaking up the RFP phase into an Agile/Lean style
discovery contract and main contract, to accommodate waterfall-style RFPs:
https://www.agilebuddha.com/agile/agile-for-fixed-bid-projects/
With an Agile/Lean discovery contract, we would have had resources to
perform some prototype discovery of the scope of the network scanning
problem, and (re)ran some preliminary MVP scans ourselves. Instead, we
had to shoot from the hip and wait. Meanwhile, evidence of the exit
problem's severity was not actionable by us, due to related org and
community issues of overwork and stress.
That Agile/Lean model for contracts parallels the Agile model for
development, as previously linked:
https://www.seguetech.com/waterfall-vs-agile-methodology/
On Monday, we agreed to run the development of the performance contract
in a more Agile way. Unfortunately, we still have to wind down the final
deployment phases of other projects before we can spin up network
health. We planned for this in the performance proposal timeline, but
that doesn't make it suck any less, given the reality of the situation.
Nusenu: please accept my apologies, even if the org and community will
not apologize. I believe I understand your frustration and your reaction
to us.
I was once in a very similar situation. As a volunteer, I wrote the
first Tor exit scanner back in ~2007. Back then, HD Moore made a
metasploit module called Torment that got widely used to deanonymize Tor
users using plugins and outside-browser proxy bypass. This was also why
I took over maintaining Torbutton, to update it to disable such proxy
bypass avenues. We ended up getting funding for Tor Browser, but never
exit scanning. Exit scanning has, to this day, been the work of
volunteers or something that paid staff have done time to time, after hours.
Anyway, thank you for you help! I will do my best to get people to pay
attention to your work while we unfuck ourselves.
In the meantime, please keep scanning!
Thank you, again.
--
Mike Perry
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays