On Sun, Oct 11, 2020 at 01:39:17PM -0500, Mike Perry wrote:
I believe I can tell rerouting exits from exits having distinct IPs for inbound and outbound connections - in most cases.
Are your scanners available for others to run? I understand that it is a risk that making them public may allow bad exits to avoid them, but is it ok if other specific people use and adapt the scanners?
Right, in this particular case, we already run a scanner which provides public output: it's the tordnsel scanner, and check out https://check.torproject.org/exit-addresses
So what we are missing still is (a) a human to go through that list periodically to look for exits that have weirdly too many exit addresses, especially addresses that overlap with other exits, and then (b) somebody to automate the process that that human uses.
In the 'bad exit finding' world, we've had problems in the past with false positives, where some automated tool spams us with "possible" problem relays and we quickly learn that ignoring those reports is the best use of our time. So as we try to automate this one, I'd be a fan of putting the detection threshold quite high, so when we trigger on a relay and escalate to the humans, it's because we're quite confident there's something that needs action.
Remember that our directory authorities are deliberately independent from TPI though, and even what I think is not necessarily what TPI thinks. The dirauths may have different opinions. Coordinating policy of this nature is difficult and requires consensus building.
Since dir auths have been removing these kinds of relays, I don't think there is any policy change necessary.
Ok great! Sometimes I am surprised by their decisions, and I didn't see this one.
Right. This one's an easy choice, because not only is it wasteful as you say, it is also a way that somebody can sign up an exit relay to look at traffic without needing to actually be the exit for that traffic.
--Roger