[Software Announcement] FamilyGenerator: Tor MyFamily Generator

Hi tor-relays mailing list,

I have created a tool called FamilyGenerator. FamilyGenerator is a tool to automatically construct a Tor MyFamily line based on Onionoo parameters.

Why?

If you run multiple relays, it can become hard to keep your MyFamily line updated if you add or remove relays. FamilyGenerator makes it easier (and automated if you use cron, or maybe without it in a future version if it ever comes).

Does it integrate with Tor directly?

As of now, no. If you want to automatically load FamilyGenerator outputs to Tor, you can:

1. Make sure all your relays have something in common in the Nickname or ContactInfo lines
2. Use a shell script to generate the MyFamily line with FamilyGenerator
3. Use a cron job to reload Tor after FamilyGenerator runs
4. Include the output in an Include line in your torrc

Hopefully, a future version can avoid cron (that is, if it comes).

FamilyGenerator is available on GitHub at: https://github.com/neelchauhan/FamilyGenerator

You can install it from PyPI with: pip install FamilyGenerator

A FreeBSD port is underway. For Debian users, sorry, but there's no Debian package in the pipeline as I don't use Debian.

That's it.

Thank You,
Neel Chauhan

On Sat, 21 Jul 2018 20:29:17 -0400 Neel Chauhan <neel@neelc.org> wrote:
If you blindly trust fingerprints fetched "from the Internet" and insert them into your MyFamily string, then you might as well just use nicknames there. Actually this is what I do, and while it does have the same downside as your tool ("what if someone uses the same nickname"), at least it's much simpler, human-readable in torrc, and not requiring any extra scripts.

--
With respect,
Roman

Dear operators,

please don't generate your torrc MyFamily configurations based on untrusted input. I think it is a *bad* idea to modify tor configurations based on other people's descriptor data, *especially* if anyone is going to run this automatically. Please use ground-truth to generate MyFamily sets, otherwise we can no longer even trust MyFamily sets.

That said, if you trust onionoo, you might be able to build onionoo search queries that are NOT vulnerable to random people injecting themselves in your MyFamily set.

Examples:

- you run your own AS and all servers in that AS are under your control (parameter: as) https://metrics.torproject.org/onionoo.html#parameters_as
- all your relays are under your own DNS domain and only you can generate DNS A records for that domain and [1] is implemented (note: these onionoo fields appear currently somewhat broken)

Ideally the generator only allows safer parameters and rejects unsafe parameters like contact.

[1] https://trac.torproject.org/projects/tor/ticket/26898

--
https://twitter.com/nusenu_
https://mastodon.social/@nusenu

Hi, On 22/07/18 10:11, nusenu wrote:
- you run your own AS and all servers in that AS are under your control (parameter: as) https://metrics.torproject.org/onionoo.html#parameters_as
This effectively puts MaxMind in charge of MyFamily.
There is no attempt currently to perform any DNSSEC or other validation. The changes don't actually improve trust, just allow you to see data that was previously discarded (when there was no A record).

Onionoo is useful for many things, but I don't think this is one of them. Instead, you can use Ansible/Salt/Puppet/whatever to configure MyFamily and there are plenty of ways out there to do this.

Thanks,
Iain.
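
Added example, not part of the original thread and not FamilyGenerator's code: one way to build the MyFamily line from an operator-maintained inventory (ground truth) and to flag fingerprints returned by an untrusted search that are not in that inventory. The inventory format, function names and fingerprints are constructed for illustration.

```python
import re

FINGERPRINT = re.compile(r"[0-9A-F]{40}")  # a relay fingerprint is 40 hex digits

# Constructed inventory the operator maintains by hand or from config management.
INVENTORY = """\
# nickname fingerprint
relayA 0123456789ABCDEF0123456789ABCDEF01234567
relayB 89ab cdef 0123 4567 89ab cdef 0123 4567 89ab cdef
relayA 0123456789ABCDEF0123456789ABCDEF01234567
"""

def parse_inventory(text):
    """Return the set of normalized fingerprints; reject malformed entries."""
    fingerprints = set()
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        nickname, _, rest = line.partition(" ")
        fp = rest.replace(" ", "").upper()     # accept spaced or compact form
        if not FINGERPRINT.fullmatch(fp):
            raise ValueError(f"line {lineno}: bad fingerprint for {nickname!r}")
        fingerprints.add(fp)                   # a set removes duplicates
    return fingerprints

def myfamily_line(fingerprints):
    """Build a deterministic torrc MyFamily line from trusted fingerprints."""
    return "MyFamily " + ",".join("$" + fp for fp in sorted(fingerprints))

def not_in_inventory(candidates, fingerprints):
    """Fingerprints from an untrusted source that the operator does not own."""
    normalized = {c.lstrip("$").replace(" ", "").upper() for c in candidates}
    return sorted(normalized - fingerprints)

if __name__ == "__main__":
    own = parse_inventory(INVENTORY)
    print(myfamily_line(own))
    # Constructed search result: one own relay plus a stranger with a matching contact.
    found = ["$" + "F" * 40, "0123456789abcdef0123456789abcdef01234567"]
    print(not_in_inventory(found, own))
```

Anything reported by `not_in_inventory` is a relay that a nickname or contact search would have pulled into the family without the operator controlling it.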

good point and I guess there is only a handful of operators with their own AS anyway
I was about to make a ticket for that when I wrote the last mail, since using a DNSSEC validating resolver should not be a whole lot of effort. https://trac.torproject.org/projects/tor/ticket/26901
+1

nonetheless I find it positive that Neel now finally has a (proper?) MyFamily config probably because of this non-perfect way of collecting FPs.

I still hope no one is using onionoo query results to alter their config *automatically*

--
https://twitter.com/nusenu_
https://mastodon.social/@nusenu

Well, my relays don't use FamilyGenerator.
I still hope no one is using onionoo query results to alter their config *automatically*
I guess then I realized that generating MyFamily from Onionoo output is not such a good idea after all.

I updated my GitHub page for "FamilyGenerator" to reflect these issues and put a link to this thread (so random people don't just use my software).

-Neel Chauhan

On 2018-07-22 12:01, nusenu wrote:
participants (5)

- Iain Learmonth
- John Ricketts
- Neel Chauhan
- nusenu
- Roman Mamedov