Hi Michael,
Last week i got an email with a warning that some of my relays are missing the correct MyFamily setup and that i am a risk to do end-to-end correlation attacks together with a list of all relays i operate plus one relay which uses the same name than i use but is not operated by me.
the email Michael is referring to for the interested readers: [1]
I already knew that not all of my relays have a correct MyFamily setup because as long as i am not sure if they will stay i usually dont include them in MyFamily because it is a pain to edit every torrc
Yes, manually managing MyFamily is a pain with that many relays. It is best to automate it so you don't have to worry about it no matter how long your relays might run.
It is also relevant to note that we are not talking about fresh relays (born days or weeks ago) but >6 months.
A few days later i got a message that some of my relays will soon get rejected because i did not responded to the previous email.
A more correct version is: some relays were proposed for removal on the bad-relays@ list should there not be any reaction by the operator [2].
That is something different than informing an operator about an upcoming removal since everybody can propose removals and only dir auths can actually vote for the removal.
[2] For the readers on this list, this is the second mentioned email:
I'm proposing the removal of the first 5 entries in the following table (end-to-end correlation risk) should there not be any reaction to this email from the operator.
A previous email from 2020-02-15 did not result in a reply so far.
+---------------------+--------+----------------------+------------------+-------------------+-----------------+---------------------------------------------------+------------------------------------------+ | first_seen | member | contact | nickname | tor_version | IP | as_name | fingerprint | +---------------------+--------+----------------------+------------------+-------------------+-----------------+---------------------------------------------------+------------------------------------------+ | 2020-02-01 18:00:00 | 1 | NULL | angeltest33 | 0.4.2.6 | 139.99.238.17 | OVH SAS | 4BF3D299BC500C350868F078749291C766C7AA6F | | 2020-01-11 16:00:00 | 1 | NULL | angeltest5test | 0.4.2.6 | 51.38.147.96 | OVH SAS | 951307BA74E44A9C9C208B2F134CDA2409944075 | | 2019-08-06 11:00:00 | 1 | NULL | angeltest27 | 0.4.2.6 | 185.173.177.153 | GalaxyStar LLC | 95C8B9418E74F3FF80E5C3D3AF7F03156FFBBFBE | | 2019-08-31 09:00:00 | 1 | NULL | angeltest9 | 0.2.9.14 | 104.244.76.190 | FranTech Solutions | F1D5C0F5157D9B24014BE8C7A1D878AEA6843B42 | | 2019-11-21 12:00:00 | 1 | NULL | angeltest26test | 0.4.2.6 | 91.243.50.239 | Petersburg Internet Network ltd. | F51A927E34662D6005393F2327C870FB0D0D7FE0 |
- The bad-relays team expect an answer to their emails even if they do
not tell you that in the first email and rather send you a second email that they will soon reject your relays if you dont answer them.
I think you are confusing the "bad-relays team" with subscribers or people sending emails to the bad-relays@ list. If in doubt require the sender to have a @torproject.org address (unfortunately there is no actual sender address for the bad-relays team since it is just a mailing list)
So for what reason do i set the MyFamily option beside making a Hidden Service Guard discovery attack more easy?
- risk reduction for tor users MyFamily declarations allow the tor client software to automatically detect relay families when creating circuits to avoid using multiple relays from the same operator in a single circuit.
- reducing the risk for tor users that might become victims if some operator gets compromized (with all its relays)
- transparency Every relay operator should declare their relay group to allow everybody to measure their network fraction (Sybil detection).
- risk reduction for relay operators MyFamily also provides risk reduction for operators since they are less valuable as an attack target if they can not technically be used for e2e correlation attacks
- allow the identification of "false-friends" and actual malicious relays By setting MyFamily you make it easier to detect relays that claim to be you since MyFamily requires mutual configuration malicious entities can not add their relays to your MyFamily.
This is what happened in your case (which was a mixture of misconfiguration and actual "false-friends").
If you are really interested into the MyFamily topic you can find a few tickets on trac.torproject.org about it (including arguments against it).
[1]:
Hello,
This email wants to make you aware that you are probably putting tor users at risk by not properly setting MyFamily on your tor relays.
If the relays using your contactInfo are not actually yours please send an email to bad-relays@lists.torproject.org so they can be removed from the network for impersonating your contactInfo.
https://nusenu.github.io/OrNetStats/endtoend-correlation-groups#torrpi1405gm...
Thanks for taking care of this.
+---------------------+------+------------------+--------+----------------------+-------------------+-----------------+------------------------------------------+ | first_seen | exit | nickname | member | contact | tor_version | IP | fingerprint | +---------------------+------+------------------+--------+----------------------+-------------------+-----------------+------------------------------------------+ | 2018-08-28 21:00:00 | 0 | angeltest2 | 27 | torrpi1405@gmail.com | 0.4.4.0-alpha-dev | 5.39.60.243 | 3B07C500AC17E7B5A1EE616613E104A094AB87F3 | | 2018-09-05 17:00:00 | 0 | angeltest7 | 27 | torrpi1405@gmail.com | 0.4.2.6 | 37.252.187.111 | EE4AF632058F0734C1426B1AD689F47445CA2056 | | 2018-09-05 20:00:00 | 0 | angeltest8 | 27 | torrpi1405@gmail.com | 0.4.2.6 | 185.112.82.50 | 7AAF5597B18D82CC90CA95FB7976A1CEA4A32E06 | | 2018-09-07 23:00:00 | 0 | angeltest9 | 27 | torrpi1405@gmail.com | 0.4.2.6 | 92.38.163.21 | 9288B75B5FF8861EFF32A6BE8825CC38A4F9F8C2 | | 2018-09-27 00:00:00 | 0 | angeltest11 | 27 | torrpi1405@gmail.com | 0.4.2.6 | 213.183.60.21 | 39F91959416763AFD34DBEEC05474411B964B2DC | | 2018-09-27 19:00:00 | 0 | angeltest12 | 27 | torrpi1405@gmail.com | 0.4.2.6 | 91.201.65.91 | 57C6DF5B93E54EB9C8DB90029D9E9A1111BD34D2 | | 2018-12-15 00:00:00 | 0 | angeltest14 | 27 | torrpi1405@gmail.com | 0.4.2.6 | 195.123.245.141 | 465D17C6FC297E3857B5C6F152006A1E212944EA | | 2019-01-10 00:00:00 | 0 | angeltest18 | 27 | torrpi1405@gmail.com | 0.4.2.6 | 94.140.125.122 | B517198B86B3859C307857C59F6660A281FC8B47 | | 2019-01-10 22:00:00 | 0 | angeltest19 | 27 | torrpi1405@gmail.com | 0.4.2.6 | 185.246.152.22 | A86EC24F5B8B964F67AC7C27CE92842025983274 | | 2019-02-26 10:00:00 | 0 | angeltest20 | 27 | torrpi1405@gmail.com | 0.4.2.6 | 178.17.170.103 | ADE6AB2BFBD7A5780B321DC33BBACCD0D777C94D | | 2019-04-26 12:00:00 | 0 | angeltest23 | 27 | torrpi1405@gmail.com | 0.4.2.6 | 81.169.235.154 | EFA2E7B073AA4CE2DAF7160F23C90DB805948F4A | | 2019-05-29 07:00:00 | 0 | angeltest26 | 27 | torrpi1405@gmail.com | 0.4.2.6 | 89.223.100.121 | 40108FDFA40EDB013F7291F3B4DA3D412ED3A5EF | | 2019-08-06 11:00:00 | 0 | angeltest27 | 27 | torrpi1405@gmail.com | 0.4.2.6 | 185.173.177.153 | 95C8B9418E74F3FF80E5C3D3AF7F03156FFBBFBE | | 2019-08-13 12:00:00 | 0 | angeltest6 | 27 | torrpi1405@gmail.com | 0.4.2.6 | 185.61.149.67 | 295F1BD8995A12ECC77E050CCF6EC641572739E9 | | 2019-08-19 04:00:00 | 0 | angeltest28 | 27 | torrpi1405@gmail.com | 0.4.2.6 | 31.207.89.49 | 1A7A2516A961F2838F7F94786A8811BE82F9CFFE | | 2019-09-19 14:00:00 | 0 | angeltest3 | 27 | torrpi1405@gmail.com | 0.4.2.6 | 62.141.38.69 | FF9FC6D130FA26AE3AE8B23688691DC419F0F22E | | 2019-10-02 19:00:00 | 0 | angeltest10 | 27 | torrpi1405@gmail.com | 0.4.2.6 | 178.254.20.159 | C1939D36649DE98A202429631D8EFC70128D5F5F | | 2019-11-01 05:00:00 | 0 | angeltest5 | 27 | torrpi1405@gmail.com | 0.4.2.6 | 51.38.134.104 | 39C6F833D4B09524770D3655DF825A11213CA0A9 | | 2019-11-01 08:00:00 | 0 | angeltest27test | 1 | torrpi1405@gmail.com | 0.4.2.6 | 92.223.109.71 | 1323D34C2FA4AE0EC4EEA9853F3464693EF428E7 | | 2019-11-02 14:00:00 | 0 | angeltest17 | 27 | torrpi1405@gmail.com | 0.4.2.6 | 5.34.183.29 | F8AA8D8CCBA0C5F2836DE6315CDFA6E4A31A0890 | | 2019-11-05 14:00:00 | 0 | angeltest13 | 27 | torrpi1405@gmail.com | 0.4.2.6 | 185.225.17.173 | A4CC39184AD287D72C2247738835811C7A7ECB8E | | 2019-11-21 12:00:00 | 0 | angeltest26test | 1 | torrpi1405@gmail.com | 0.4.2.6 | 91.243.50.239 | F51A927E34662D6005393F2327C870FB0D0D7FE0 | | 2019-12-11 22:00:00 | 0 | angeltest29 | 27 | torrpi1405@gmail.com | 0.4.2.6 | 87.106.152.102 | 73283C4DEBC01D3E4A5FD1BB1F2B50D927379F59 | | 2019-12-20 04:00:00 | 0 | angeltest24 | 27 | torrpi1405@gmail.com | 0.4.2.6 | 2.56.241.243 | 401A66747713038CEEF6ED28C8AFEB70570EEBCC | | 2019-12-20 06:00:00 | 0 | angeltest25 | 27 | torrpi1405@gmail.com | 0.4.2.6 | 185.118.164.41 | C9BC841E180B35F229FD47664F84CF8A8ADB3F68 | | 2019-12-24 16:00:00 | 0 | angeltest30 | 27 | torrpi1405@gmail.com | 0.4.2.6 | 185.4.135.157 | B93503D458D9FE97DE5C12D211082871D08F1284 | | 2020-01-11 16:00:00 | 0 | angeltest5test | 1 | torrpi1405@gmail.com | 0.4.2.6 | 51.38.147.96 | 951307BA74E44A9C9C208B2F134CDA2409944075 | | 2020-01-12 17:00:00 | 0 | angeltest31 | 27 | torrpi1405@gmail.com | 0.4.2.6 | 185.101.35.219 | 2F8B9500DC98C13FD28CC51E47D3416DE423ED78 | | 2020-01-14 15:00:00 | 0 | angeltest32 | 27 | torrpi1405@gmail.com | 0.4.2.6 | 185.99.2.178 | 12B1A5769D38FF47CF68C2235E1BDA315DF400F2 | | 2020-01-23 04:00:00 | 0 | angeltest16 | 27 | torrpi1405@gmail.com | 0.4.4.0-alpha-dev | 195.123.238.164 | D5812BAB52820A4D448E5F16EE363A0F4CEEF691 | | 2020-02-01 18:00:00 | 0 | angeltest33 | 1 | torrpi1405@gmail.com | 0.4.2.6 | 139.99.238.17 | 4BF3D299BC500C350868F078749291C766C7AA6F | | 2020-02-11 14:00:00 | 1 | angeltestwindows | 1 | torrpi1405@gmail.com | 0.4.2.5 | 91.132.147.168 | DC81AA3B1D51566DBF27BFA562E4047AEB1C52DA | +---------------------+------+------------------+--------+----------------------+-------------------+-----------------+------------------------------------------+