On Sat, Oct 31, 2020 at 09:37:38AM +0100, Croax wrote:
> Good. Does this mean it will be checked and bumped more regularly? I see that lots of relays are running for more than one month from now.
I hope so. I plan to keep running my new scripts and see where things go. Part of it depends on the next steps of the jerk who is doing this.
Or said from the other side: if you find a misbehaving relay, or if you find that a particular url seems like it's being intercepted even if you can't figure out which relay is doing it, please report it!
The sad version of the story is that there's a "long tail" of possible sites that they could mess with, and if they only mess with unpopular or uncommon ones, it might be a while until anybody notices.
But the happy version of the story is that the more we and others check, the farther down the long tail we push them, i.e. the lower profile they need to be to remain unnoticed. And pushing them down the long tail is also hopefully pushing them towards the point where their operations are unprofitable.
I am definitely missing the in-person gatherings around the world here. It used to be that we could say "Oh, you're in country X? Why don't you meet with so-and-so who is nearby to you" and then build human trust relationships. This year nobody meets anybody, and it is having surprising second-order effects like limiting the growth of the global internet freedom community.
> Yes. From the browser perspective, HTTPS should be enforced whatever the context. We may blame final Tor users or website administrators for not following security guidance (e.g. HSTS preload) but in the end it is the Tor user privacy that is compromised. This is lasting for months and could have been easily prevented. This game of cat and mouse is not good for Tor reputation.
I completely agree.
You're seeing the intersection of two core areas of Tor -- "Tor Browser" and "network health" -- that were both impacted more than average by our covid budget cuts. We definitely have gotten the attention of the Tor Browser devs now, and these steps are on their roadmaps, so I'm optimistic that we'll have some not-just-cat-and-mouse improvements in the medium term.
--Roger