On 10/04/2016 06:23 PM, Tristan wrote:
> Wouldn't it be interesting if we could set up some kind of central "Tor Abuse Center" where all the complaints go, and all the relay operators can help respond to them. I suppose it would be pretty chaotic though...
We actually discussed this briefly again at the recent Tor developers meeting, and it comes up every once in a while. It's an interesting thought experiment, and it would not take much to turn ourselves into an Abuse Management provider. I've seen this actually exists in the commercial space.
One thing that makes it hard is that there's no assurance that someone is really only running an exit on a certain IP address; even if the Abuse Management Service verified that that IP address was a Tor exit at that point in time, it cannot in all honesty state that in fact the exit relay process caused a particular network activity or not.
I do think we can operate this "in good faith", and we simply cannot set it up in a way that we can make it impossible to misuse.
Still, this will not help in this (and related) cases: I have not yet seen proven cases where the reputation of the netblock was endangered, but if an ISP is afraid of that, there's no good way to cooperate. An IDS is their obvious suggestion, which just shows that they don't understand how Tor works. I argue strongly against deploying such systems on Tor exits. It will mess up more than it does good, and it won't be able to reliably detect *and block* bad behaviour.