[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] ExitPolicy reject *:* ships commented out?

There was a version of Tor released in the development repos that included Accept *.* in torrc. I remember seeing it but have no idea which version it was. I too think this is a mistake. If casual relay operators are being shut down due to a misconfigured torrc, Tor will suffer more bad press by media types who have no idea how Tor actually works. We want to encourage Tor relaying no!? The more relays, the better the service.
I would also suggest to any devs reading this that some kind of pretty looking auto-config needs to run the user through the physical details of the connection and then configure the torrc appropriately. The average random who simply wants to donate bandwidth isnt going to run through the whole torrc and make sure everything is dandy before sticking the relay online.
I can think of many competent, intelligent friends who would happily run a relay but they're probably not tech savvy enough to ge the torrc just so for their connections. 'Plug the wire into the grey box, internet happens'....

On top of all this, if someone if wanting to run an Exit node, they will likely be the more tech savvy types. People who have a VPS etc. If that is the case then they will no doubt be able to configure Accept *.* in a text file.

TL;DR version, devs please uncomment Reject *.* in the default torrc on all future releases on Tor. I really think this will cause serious headaches for well meaning volunteers.

Tom


On 31 August 2013 19:09, Gordon Morehouse <gordon@xxxxxxxxxxxx> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

The friend was upgrading from Tor 0.2.3.x to Tor 0.2.4.16-rc.  I do
not know whether he used a tarball but I think it likely he used the
Tor 'experimental' repos as his VPS is Debian-family, and he said "I
couldn't keep the old config"; thus debconf likely presented him with
a choice, he accepted the new config, edited as far down as he needed
to turn relaying on, and that's it.

Since the default exit policy is for a relay to be an exit (without,
even, the benefit of ReducedExitPolicy), his VPS was shut down in
about a day as he'd unknowingly turned himself into an exit node.

Partial user error, and partial - as he would argue and so would I -
bad defaults.  This guy is a software engineer who had a derp moment.
 I wonder how many less tech-savvy users may make the same mistake and
then have a bad time and never relay again (or be subject to law
enforcement action, particularly in hostile countries).

David Carlson:
> I am confused by this thread.  In fact, the specific downloaded
> file that the OP is referring to is not named, nor is it mentioned
> whether it was installed 'as-is' or with a modified configuration.
>  Then a follow-up message refers to TBB, which is not even a relay
> package. David C

-----BEGIN PGP SIGNATURE-----

iQEcBAEBCgAGBQJSIjFZAAoJED/jpRoe7/ujkPwIALCTA0q7/BAxn3E9cfQdjqpJ
SrHJGXMmIgQlmC98b1VfpoUmmsaz8dlhHfngl1CW230exhMIKLbkXOMAlzlgIowP
YfyMmdTkcx7fWg0jvFYUGMEbJP1k5thN+IYWJEQ1Myh67UTgL8gsclNmT4utH4bu
96COXJLW8i20iegTmh8qMqEQD0au2bj0Y0iI/dNRqHEF2U/XOIal3yE7HDAUUWPL
VlmHWOrh6uuKKCp9/iOrmh0ZzVm1TQDQ2eYVdA2ciLHpecAXIIyRFRtXceZRm3Kh
7HNqosenW+9ecszGkQc0XZerCVUI/bWAfv1EmrgYbz4PNjZlzCy/RNfc91EgiDU=
=IdH9
-----END PGP SIGNATURE-----
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays