<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><a href="https://medium.com/@nusenu/how-malicious-tor-relays-are-exploiting-users-in-2020-part-i-1097575c0cac" style="font-size: 14px;" class="">https://medium.com/@nusenu/how-malicious-tor-relays-are-exploiting-users-in-2020-part-i-1097575c0cac</a><div class=""><span style="font-size: 14px;" class=""><br class=""></span></div><div class=""><ul class="" style="box-sizing: inherit; margin: 0px; padding: 0px; list-style: none none; caret-color: rgba(0, 0, 0, 0.8); color: rgba(0, 0, 0, 0.8);"><li id="bb69" class="nj nb nr vu nc ia nt nl vn ib nu bv ne nm vo vp nn nf il id vq cs vr np nh vs nq ni vt b" data-selectable-paragraph="" style="box-sizing: inherit; color: rgb(41, 41, 41); margin-bottom: -0.46em; line-height: 32px; letter-spacing: -0.003em; list-style-type: disc; margin-left: 30px; padding-left: 0px; margin-top: 1.05em;"><span style="font-size: 14px;" class="">There are multiple indicators that suggest that the attacker still runs >10% of the Tor network exit capacity (as of 2020–08–08)</span></li></ul><div class=""><span style="font-size: 14px;" class=""><br class=""></span></div><div class="">And on this one: I trust nusenu who told me we still have massive malicious relays.</div><div class=""><br class=""></div><div class=""></div><div class=""><br class=""></div><div><br class=""><blockquote type="cite" class=""><div class="">On 14. Aug 2020, at 19:12, Roger Dingledine <<a href="mailto:arma@torproject.org" class="">arma@torproject.org</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div class="">On Thu, Aug 13, 2020 at 03:34:55PM +0200, niftybunny wrote:<br class=""><blockquote type="cite" class="">This shit has to stop. Why are the relays in question still online?<br class=""></blockquote><br class="">Hm? 
The relays are not online -- we kicked them in mid June.<br class=""><br class="">We don't know of any relays right now that are attacking users.<br class=""><br class="">Or said another way, if anybody knows of relays that are doing any attacks<br class="">on Tor users, ssl stripping or otherwise, please report them. I believe<br class="">that we are up to date and have responded to all reports.<br class=""><br class="">That said, there is definitely the uncertainty of "I wonder if those<br class="">OVH relays are attacking users -- they are run by people I don't know,<br class="">though there is no evidence that they are." We learned from this case<br class="">that making people list and answer an email address didn't slow them down.<br class=""><br class="">I still think that long term the answer is that we need to shift the<br class="">Tor network toward a group of relay operators that know each other --<br class="">transparency, community, relationships, all of those things that are<br class="">costly to do but also costly to attack:<br class=""><a href="https://gitlab.torproject.org/tpo/metrics/relay-search/-/issues/40001" class="">https://gitlab.torproject.org/tpo/metrics/relay-search/-/issues/40001</a><br class="">https://lists.torproject.org/pipermail/tor-relays/2020-July/018656.html<br class="">https://lists.torproject.org/pipermail/tor-relays/2020-July/018669.html<br class=""><br class="">But the short term answer is that nobody to my knowledge has shown us<br class="">any current relays that are doing attacks.<br class=""><br class="">Hope that helps,<br class="">--Roger<br class=""></div></div></blockquote></div><br class=""></div></body></html>