nusenu:
FWIW: we kicked a bunch of relays out of the network today which might or might not contain any of those, hard to tell.
Please publish the relay fingerprints that directory authorities remove, otherwise only the malicious entities get to learn and improve since they see the removal in their logfiles anyway but we tor users don't get to learn anything because it remains largely invisible to us.
That's a bit tricky because potential *other* attackers might be able to learn things from our rejects if we are not careful. On the other hand, transparency is very valuable, in particular in the bad-relays area which is one of the least transparent areas in Tor (for good reasons, though, see Roger's mail[1] from a couple of years back explaining the dilemma we are in).
That said I think we could try publishing, with some delay, the fingerprints we reject after seeing them involved in attacks. For instance, we could have a monthly list of those fingerprints which we publish, as a general rule of thumb[2], at the beginning of the following month.
I think I'll find a place in our network-health wiki for that.
Thanks for the suggestion, Georg
[1] https://lists.torproject.org/pipermail/tor-talk/2014-July/034219.html [2] There might be exceptions to that rule, though, for instance if an attack starts at the end of the month and is still on-going during the begin of the new one, or if we think the rejection is too close to the end of that month and thus the delay I talked about above is too short. In both and other cases those fingerprints will then get picked up at the begin of the month following after that.
Roger's email from 2020-10-31 is a good example that made further investigations possible.
kind regards, nusenu