Meltdown and Spectre are interesting intellectually but real world breaches tend to be more prosaic. It's the boring stuff that gets us: social engineering, shitty passwords, out-of-date software. We see it over and over in the news and in overviews like the DBIR.

I'm not saying we should ignore those vulns but we shouldn't dig a deeper moat while leaving the drawbridge down. Let's make sure we're doing a good job on the basics.

--mkb


On Sep 2, 2018, at 6:21 AM, Gary <jaffacakemonster53@gmail.com> wrote:

Conrad,

Thank you for your reply. I can now see that 4 big + 1 small (or 5 big) providers is definitely better than only 4 big ones for diversity, but it leads to another diversity question which needs some background:

For a while, earlier this year during the spectre / meltdown vulnerability commotion I ran a couple of relays in VM's using Amazon Web Services (AWS). I was confident in the knowledge that the AWS provided kernels / VM's switched to the spectre mitigation measures. Sure they slowed down a bit for a while, but they speeded up again when after AWS tweaked it a little. Because I know my VM's were using the mitigation I know other VM's can't spy on the tor traffic & what ever encryption keys happens to been in the VM's memory at that time (the really paranoid can supply their own kernel / boot image to run).

My VM's were probably running in a rack containing hardware that also runs websites, web applications, corporate cloud email and backup systems the list could go on, but it importantly it is about diversity.

If one person were to run a hardware rack full of VM's that ALL run tor - that is a prime target for, for example, some spying government or international hacker group. For an admittedly far fetched example, some government can fly in, flash a court warrant to an underpaid security guard and do whatever they want to the rack, and then ALL the tor relays that are hosted there are compromised. Yes thats unlikely to happen but its still a risk.

I am interested to hear your opinion on the diversity question of - How does having many relays in one place not damage diversity, even if they are connected to different networks / AS's are are technically controlled by different people. 

Again I want to point out what you are doing is good - I apologise if I appear to be "trolling" you, I am genuinely interested in learning the technical pro's and con's relating to this topic.

Thanks again,

Gary.

On Sun, 2 Sep 2018 at 02:26, Conrad Rockenhaus <conrad@rockenhaus.com> wrote:
Gary,

It’s bad in the same way it’s bad as the other numerous other exit relays that run under the OVH umbrella. I am not my own independent upstream and run my servers at a colocation facility at OVH. I also plan on running my servers at a colocation facility at another location for AS-diversity purposes but donations aren’t enough to cover all of the bills to be honest, but I’m partnering up with a fellow Texan and we’ll make sure this nonprofit grows at the rate needed to support diversity.

But if you ignore the emails sounding alarm about this or that, you should realize - Greypony is no different than Hetzner, OVH, or DigitialOcrean - which rank in the top 5 of the Tor relay providers by size and bandwidth, by node count, AS, and bandwidth. Someone should ask those providers the exact same thing, because they’re setup just like me - I don’t have root access to a customer’s server - they don’t have access.

I’m actually a little drop in the big bucket But I’ve been trying to promote diversity through the use of other providers.

Thanks,

Conrad

> On Sep 1, 2018, at 6:53 AM, Gary <jaffacakemonster53@gmail.com> wrote:
>
> Conrad,
>
> I have been following this thread and would be grateful if you could clear up some confusion for me.
>
> Firstly, I am not 1337 haxorz, I dont have a technical profession. However I do believe in tor and anything that can increase the number of relays is good. You are donating your time and resources freely to tor for the benefit of everyone. You have helped me, others on this list, as well as countless others contribute to the Tor Project.
>
> All these large relays that you are managing - surely this is bad in terms of AS diversity? One user / network provider shouldn't have a large control over the network.
>
> My question:
>
> Is there anyway that these relays can be added to the network in such a way that does not damage diversity?
>
> Dont get me wrong - I believe in what you do. If these relays are been added without damaging diversity then I apologise for my misunderstanding of the topic.
>
> Thanks,
>
> Gary
>
> On Sat, 1 Sep 2018 at 00:12, Conrad Rockenhaus <conrad@rockenhaus.com> wrote:
> Hi teor,
>
> It seems the criticism originated from one guy (Ralph) and one troll who bravely refuses to identify himself.
>
> You want me to stop talking about even the cool things we’re accomplishing thing (like pumping lots of ultra fast bandwidth into the community) because of these two, perhaps one yahoos?
>
> Thanks,
>
> Conrad
>
> On Tue, Aug 28, 2018 at 11:37 PM teor <teor@riseup.net> wrote:
> Hi Conrad (and staff and operators),
>
> > On 28 Aug 2018, at 22:16, Conrad Rockenhaus <conrad@rockenhaus.com> wrote:
> >
> >>
> >> On Aug 27, 2018, at 8:02 PM, Jordan <jordan@yui.cat> wrote:
> >>
> >>> ...
> >>> The research in this paper (https://www.freehaven.net/anonbib/cache/DBLP:conf/ccs/EdmanS09.pdf) is becoming more relevent and is worth discussing as more ISPs come out with the goal of hosting lots and lots of exit relays.
> >>
> >> ...
> >> I have the utmost belief your intentions are good, but the concentration of exits under a non-advertised central control warrants conversation, at least.
> >>
> >> If the end goal is turning $ into relays, not all paths are paved with equal mind to security and it might be worth considering donation-backed alternatives.
> >
> > Actually, Jordan, I appreciate your input, but Greypony is technically operating as a nonprofit organization right now. We’re completing the paperwork to be considered an official nonprofit. We allow people to operate their own relay, on their own HVM instance (which we don’t have access to) for a donation of $15/month for a basic model A instance.
> >
> > They’re totally separately and independently operated relays. We don’t tell them how to operate their relays. We provide support, we provide suggestions, but we don’t operate it for them, we don’t install anything for them, and we’re completely hands off unless they need support with something. Our job is to provide the instance and the bandwidth.
>
> This is the 5th list post in the last few weeks describing Greypony IT's
> services, operators, or relays.
>
> There have also been several critical posts.
>
> Please take a break from promoting or criticising Greypony on this list
> until at least October 2018.
>
> If you feel the need to respond, please use another platform.
>
> Thanks
>
> T
> _______________________________________________
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> --
> Conrad Rockenhaus
> https://www.rockenhaus.com
> ------
> Get started with GreyPony Anonymization Today!
> https://www.greyponyit.com
> _______________________________________________
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> _______________________________________________
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays