On 10/11/20 1:17 PM, nusenu wrote:
I am losing patience with the "let's play nice and let exit IP addresses be predictable" model... We are not being treated well by the banhammer brigade, and it might be time to flip some tables. I would not call simply using a different exit IP than your relay's OR port a bad exit.
I'm not calling exit relays using distinct IPs or inbound (OR) and outbound connections "BadExits" either, quite the opposite, all exits should be using https://2019.www.torproject.org/docs/tor-manual.html.en#OutboundBindAddressE... if they have spare IPs. That is why I implemented and automated that configuration in relayor.
Ok that sounds reasonable. Thanks!
I believe I can tell rerouting exits from exits having distinct IPs for inbound and outbound connections - in most cases.
Are your scanners available for others to run? I understand that it is a risk that making them public may allow bad exits to avoid them, but is it ok if other specific people use and adapt the scanners?
Remember that our directory authorities are deliberately independent from TPI though, and even what I think is not necessarily what TPI thinks. The dirauths may have different opinions. Coordinating policy of this nature is difficult and requires consensus building.
Since dir auths have been removing these kinds of relays, I don't think there is any policy change necessary.
Ok great! Sometimes I am surprised by their decisions, and I didn't see this one.