On Sat, May 20, 2017 at 04:01:04AM +0200, Tobias Sachs wrote:
any idea how to avoid the guard flag at this time? My only idea is to trottle down the speed but this is a bad solution imho.
I don't think there's an easy way.
If you set "DirCache 0" in your torrc file, then you will still get the Guard flag, but you'll lose the V2Dir flag, which will make clients running 0.3.0.x and later decide that you're not usable as a Guard.
But the stable Tor Browser releases still ship Tor 0.2.9.x, which is willing to use Guards that don't have the V2Dir flag.
One answer that is still crummy but is less crummy than throttling is to give the relay some downtime every so often, so its weighted-fractional-uptime doesn't look attractive, so the authorities won't give it the Guard flag. You could compensate for the downtime by running two relays, and swapping between them.
But that's a lot of work. What is your goal here? If the goal is to avoid running a thing on the Internet that scared incompetent cops might try to mess with, then I would be tempted to argue that you'll have better success (albeit maybe still not much) fixing the cops.
(Or empowering and educating the ISPs, and/or choosing hosting at an ISP that is already empowered and educated. Maybe the people at OVH would have some statement like "I could do nothing, they were cops", but there are plenty of things they could have chosen to do to help everybody understand what's going on, then and in the future. Or maybe they did these things? It's hard to know from the outside.)
In this particular case, it looks like a bunch of people who don't understand the Internet went berserk in response to Wannacry, and it also looks like they're done going berserk in this particular case. It's hard to know how to extrapolate from this one data point, but I would hope it will be a good long while until some other situation like this, and also there's nothing to say it will necessarily happen at OVH again next time.
Oh, and while I have your attention: if anybody wants to do some historical Tor directory data mining, so we can make it less scary when bad guys steal your relay identity key, check out https://trac.torproject.org/projects/tor/ticket/22308 "Consider resetting wfu/mtbf/tk values for relays when they switch IP addresses"
--Roger