Am Sa., 22. Feb. 2020 um 15:17 Uhr schrieb nusenu nusenu-lists@riseup.net:
- risk reduction for tor users
MyFamily declarations allow the tor client software to automatically detect relay families when creating circuits to avoid using multiple relays from the same operator in a single circuit.
This should not matter if the operator is not malicious
That is a big if and impossible to detect automatically. If we accept operators to run end-to-end correlation relay groups by receiving "you can trust me" emails you can guess what malicious actors will do next.
Of course would they do.
The only way the tor client software can detect relay groups across multiple /16 blocks automatically and at scale is currently by MyFamily declaration. There is no "dude don't worry, you can trust me" flag.
And if there would be then this would be the worst possible solution.
and like i already said an malicious operator will not use the same contact info or relay
name.
We've had that already.
I know. Thats why i point that out again because now i am somehow affected too and can better understand what they mean with that sentence.
But as long as my family is still a small
It is rather hard, time consuming and error prone to asses group sizes without proper MyFamily declarations.
I am the operator of my relays so if i for whatever reason decide to not publish that i run a bigger family then this should be my own decision.
If the torproject needs these information urgently they need to force it for example with a relay registration or should find a better soultion which is not depending on a trust level.
I think MyFamily greatly fails in trying to solve a problem
I agree, but it is currently the only option how operators can tell tor clients about their relay group in an automated way.
To summarize:
Multiple recommendations (with and without configuration management) have been pointed out to practically solve the hassle of MyFamily across multiple relays with a growing group of relays without requiring to mess with all torrc files manually whenever a new relay gets added to a group.
Understood.
Using one of them should be in the interest of relay operators to help protect tor users (and indirectly help with malicious relay detection).
Not proposing relays of honest operators for removal should be in the interest of all to help protect tor users but an opt-in solution for MyFamily which gets forced by random people on a public tor-bad-relays mailinglist is not the right way in my opinion because obviously at least in my case these people might lack information. I understand that this is only obvious for me but then these people should think twice before they propose relays for removal.
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays