Last week I got an email with a warning that some of my relays are missing the correct MyFamily setup and that I am a risk to do end-to-end correlation attacks, together with a list of all relays I operate plus one relay which uses the same name as I use but is not operated by me.
I already knew that not all of my relays have a correct MyFamily setup, because as long as I am not sure if they will stay I usually don't include them in MyFamily, because it is a pain to edit every torrc if they will disappear again soon anyway. I did it that way with all relays before, and when I am sure that the hoster is okay with me and that I am okay with the hoster I always included them in MyFamily.
In the received email nothing was written that someone might expect an answer from me, so I deleted that email, and to not trigger that warning again I deleted the contact info from these specific relays for now.
A few days later I got a message that some of my relays will soon get rejected because I did not respond to the previous email.
I explained why I do not have a correct MyFamily setup and I explained that one of these relays is not operated by me even if it has the same name as one of my relays.
The answer of the bad-relays mailing list was that it's important for them to know that one of the relays tried to look like me, and that I can use a third-party tool for setting up the MyFamily, and that further discussion about the MyFamily is more suitable for the relays mailing list.
What I learned from that:
- The bad-relays team expects an answer to their emails even if they do not tell you that in the first email, and rather send you a second email that they will soon reject your relays if you don't answer them.
- I could do an end-to-end correlation attack (I knew that already and would not use the same name and contact info on my relays if I wanted to do that)
- It is possible for them to pin relays to specific operators without relying on the contact info or MyFamily entries (I assume they guess that by looking at the relay names, because otherwise they wouldn't have put a relay which is not operated by me into my warning message)
- If setting up the MyFamily option is too painful for you then you can use a third-party tool which is not part of the Tor Project
- Relay names are free to choose and double entries are okay, but if someone operates a relay with a name you chose before then you can report that operator to the bad-relays list because that operator might be malicious (Thankfully my relays are not called "Unnamed")
So for what reason do I set the MyFamily option besides making a Hidden Service Guard discovery attack easier?