Hello!
A couple of days ago, on 2025-02-06, an unknown family with 24 exit relays showed up in the Tor network. We followed our usual approach[1] in those cases: reaching out to the operator and welcoming them to our community while at the same time being cautious and keeping the relays in a middleonly position until we know more about that large group.
It turns out that while this operator was using a different identity this time, they are a known attacker that showed up as Zakwan Kalb on our network previously. Some of you might remember them complaining about their relays being banned from the network more than three years ago and spreading fear, uncertainty and doubt (FUD) after that, including reaching out to some of you in private.[2] We heard they did that again on the weekend, this time accusing the Tor Project of, among other things, not allowing a random person to run relays and that the Tor network is run entirely by people chosen by us. Moreover, they alluded to us running a possible end-to-end confirmation attack in the Tor network itself.
None of those claims is correct and, therefore, please ignore that email in case you got it.
Moreover, such FUD tactics are to be expected from adversaries that try to harm the Tor network and who are confronted with the day-to-day work the network-health and community teams together with relay operators and directory authorities are doing to keep the network safe.
A strong community is a good remedy against those attempts to disrupt our network and project. Thus, let's stay vigilant and build trust in each other, and keep those bad actors we find out of the network.
Thanks, Gus
[1] https://blog.torproject.org/malicious-relays-health-tor-network/
[2] https://lists.torproject.org/mailman3/hyperkitty/list/tor-relays@lists.torpr...
On Mon, Feb 10, 2025 at 11:20:44AM +0100, mpan via tor-relays wrote:
Hello my fellow relay operators, It doesn't seem like there's any malicious intent, maybe a bit of schizophrenia perhaps, but I've reached back out simply asking if he has any proof of anything actually going on just to appease my own curiosity. (…) I have no further comment about this.
Thanks, Zachary.
Per the principle of not giving exposure, I avoided posting a message. After all, all of us are going to receive it. My only concern was that perhaps only I got the email, making that some weird kind of a phishing attack. Now it’s clear that’s not the case.
It seems that the person harvested emails and indiscriminately spammed everybody: the recipients list contains @torproject.org too.
I agree regarding this not being malicious. However, if we’re wrong, I see two options to be cautious about. It may be FUD against Tor: the network or the project, with the goal of either discouraging participation or presenting us to other observers as not caring. Or it may be an attempt to collect data on relay operators. What kind, I can’t tell, but this is the kind of message that triggers xkcd 386 and engaging in a mail exchange.
Cheers, keep relaying and carry on