Thomas White <thomaswhite@riseup.net> wrote:
Sorry, wrong answer. If you block connections from other relays, you break the tor network. I don't recall offhand whether that sort of breakage might earn your relay either an Invalid flag or being simply dropped from the consensus.
For a single relay to my knowledge, it shouldn't do. There are many reasons some relays can't connect to each other so it doesn't "break" Tor as an alternative route is simply found.
Yes, tor, like many other Internet operations, has some ability to route around breakage in its network. However, each time it is necessary to find a way around it, a cost to the network is incurred in the form of wasted processing time over many pieces of equipment, wasted traffic, and likely wasted end-user time.
Are you suggesting that the mobbing attacks on HSDIR relays are the actions of botnets? If so, then you are suggesting that the problem of mobbing of HSDIR relays is probably insoluble because it would not be the symptom of a bug in tor. :-(
The question is botnet CnC's, the proposal has nothing to do with solving the botnet CnC problem and I am also stating Tor is not the one who needs to tackle them right at this moment, the budget and
Agreed.
resources are just not there. However creating a system where operators start blacklisting hidden services is extremely bad for anonymity both for the hidden service and the user.
Also agreed. I was referring to the as yet unsolved problem of HSDIR mobbing, which I have long thought was due to a bug somewhere in tor, just as there used to be a problem with DirPort mobbing. The DirPort mobbing bug was eventually found and fixed a long time ago, but the HSDIR mobbing still hasn't been. But now you have given me the idea that perhaps HSDIR mobbing is actually due to other software applying a malicious attack upon tor relays that have the HSDIR flag. IOW, I wasn't arguing with you, just commenting about this other problem in light of what you had written.
To answer the rest of your question, I am not a developer. I am somebody who cares about anonymity and that is why I run the 2nd largest server cluster on the Tor network from my own pocket. Filtering or proposing to blacklist anything is not acceptable in my view. Whatever solutions individuals care to launch to protect their relay is their own responsibility, but actively developing something by the core developers to blacklist hidden services is a completely despicable idea. To elaborate only on the legal side of things, if I can easily block hidden services passing through my relays or if I am the RV point for one, the government can then serve me a notice
AFAICT, the introduction point and the rendez-vous point are about the only places you might be able to block them, though by doing so, you would again be introducing a form of breakage. If your relay were at any other points in the hidden service protocol, you wouldn't have any way of distinguishing it from any other middle node along a tor circuit. But I would need to reread the protocol specification in detail again to see whether you could actually deny service even at the invitation and rendez-vous points.
ordering me to block it, this I have already run through my solicitor and there is no escaping that fact unfortunately.
Also note, botnets in this sense are not the topic. The proposal is an easy mechanism to censor hidden services and let it not be portrayed as anything other than that. I can see why 90% of people opposed his "coin taint" idea and 75% wanted him to leave the bitcoin foundation. If Tor did introduce such measures, I would be swiftly leaving Tor's ranks and withdrawing all support (both all 25 relays/exits/guards, and financial) from it.
So to state clearly:
Should Tor Project develop a system to filter hidden services?
I'll let people decide that for themselves. But my opinion is that doing so defies the point of a hidden service and people who push for it should be ashamed of themselves.
Also fully agreed. To develop such a system would require weakening or breaking the current level of protection offered to users, as well as being a special gift to the NSA and its peers in other countries.
Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet:   bennett at sdf.org   *or*   bennett at freeshell.org   *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
**********************************************************************