I moved a Tor relay to new hardware, keeping the keys. Both old and new server are located in Germany and provided by the same hosting company. After the latest Atlas update, I was surprised to see that the IPv4 address is listed as belonging to an AS in Ukraine. A little more digging returned Guangzhou, China, as the supposed location based on the server's IPv6 address.
Is there anything I can/should do about this (I doubt it)? Will this affect my Tor node consensus weight? As it is not an exit node, I am hoping it won't matter much.
-Ralph
On 3. Aug 2017, at 23:52, Ralph Seichter tor-relays-ml@horus-it.de wrote:
> I moved a Tor relay to new hardware, keeping the keys. Both old and new server are located in Germany and provided by the same hosting company. After the latest Atlas update, I was surprised to see that the IPv4 address is listed as belonging to an AS in Ukraine. A little more digging returned Guangzhou, China, as the supposed location based on the server's IPv6 address.
Welcome to the wonderful world of drunk GeoIPs. They are not always correct, you didn’t expect that, right, RIGHT?
> Is there anything I can/should do about this (I doubt it)?
No.
> Will this affect my Tor node consensus weight?
Njet.
> As it is not an exit node, I am hoping it won't matter much.
Get yourself booze and join your GeoIPs.
> -Ralph
niftybunny
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On Thu, Aug 03, 2017 at 11:52:00PM +0200, Ralph Seichter wrote:
> I moved a Tor relay to new hardware, keeping the keys. Both old and new server are located in Germany and provided by the same hosting company. After the latest Atlas update, I was surprised to see that the IPv4 address is listed as belonging to an AS in Ukraine. A little more digging returned Guangzhou, China, as the supposed location based on the server's IPv6 address.
Yeah, that pattern happens a lot with IPv4 addresses in Germany and Netherlands in particular, because they "lend" them out to more remote countries like Nigeria, and then take them back a few years later, and the whois databases are always a bit behind.
> Is there anything I can/should do about this (I doubt it)? Will this affect my Tor node consensus weight? As it is not an exit node, I am hoping it won't matter much.
It should not affect your consensus weight -- that number is made by several vantage points actually making Tor circuits through relays including yours, and those vantage points don't care what the geoip database says about your IP address.
--Roger
On 04.08.17 00:12, Roger Dingledine wrote:
> It should not affect your consensus weight -- that number is made by several vantage points actually making Tor circuits through relays including yours [...]
It has only been two days, but the consensus weight has not changed much. As I expected, there was a noticeable drop in connections (the new IP addresses have to propagate through the Tor network after all), but the trend points upward. I'll keep an eye on things.
-Ralph
Ralph Seichter wrote:
> I moved a Tor relay to new hardware, keeping the keys. Both old and new server are located in Germany and provided by the same hosting company. After the latest Atlas update, I was surprised to see that the IPv4 address is listed as belonging to an AS in Ukraine. A little more digging returned Guangzhou, China, as the supposed location based on the server's IPv6 address.
A bit off-topic but after updating the client to 0.3.0.10 I noticed that torstatus.rueckgr.at sometimes reports US based exits which are excluded by my config (ExcludeExitNodes {US}). Not a big deal for me but GeoIP manipulation is a potential attack vector to reveal identities of people who try to avoid certain countries.
On 6 Aug 2017, at 02:38, Alexander Nasonov alnsn@yandex.ru wrote:
> Ralph Seichter wrote:
>> I moved a Tor relay to new hardware, keeping the keys. Both old and new server are located in Germany and provided by the same hosting company. After the latest Atlas update, I was surprised to see that the IPv4 address is listed as belonging to an AS in Ukraine. A little more digging returned Guangzhou, China, as the supposed location based on the server's IPv6 address.
> A bit off-topic but after updating the client to 0.3.0.10 I noticed that torstatus.rueckgr.at sometimes reports US based exits which are excluded by my config (ExcludeExitNodes {US}).
Different GeoIP sources have different country allocations.
Also, this option only blocks exit nodes with ORPort addresses in the US.
For example, I run an exit in Canada, where some addresses were allocated from a Canadian block, and others were allocated from a US block. So if I wanted to, I could ORPort on a Canadian address, and Exit on a US one.
> Not a big deal for me but GeoIP manipulation is a potential attack vector to reveal identities of people who try to avoid certain countries.
Behaving differently to most tor clients has always been a fingerprinting vector.
We need more research on how to exclude some nodes for some users safely. (It might not even be possible to do it safely.)
T
-- Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmpp: teor at torproject dot org
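The ORPort-versus-exit-address gap and the disagreement between GeoIP sources described in the message above, as an added example that is not part of the thread and not Tor's own code. The GeoIP tables and relay records are constructed (documentation prefixes), the field names `or_addresses` and `exit_addresses` follow Onionoo details documents, and the exclusion rule is a simplified model of the behaviour stated above.

```python
import ipaddress

# Constructed GeoIP tables over documentation prefixes (not real allocations).
GEOIP_A = {"192.0.2.0/24": "ca", "198.51.100.0/24": "us", "203.0.113.0/24": "de"}
GEOIP_B = {"192.0.2.0/24": "ca", "198.51.100.0/24": "us", "203.0.113.0/24": "ua"}

# Constructed relay records; field names follow Onionoo details documents.
RELAYS = [
    {"nickname": "relayA", "or_addresses": ["192.0.2.10:9001"],
     "exit_addresses": ["198.51.100.7"]},
    {"nickname": "relayB", "or_addresses": ["198.51.100.20:443"],
     "exit_addresses": []},
    {"nickname": "relayC", "or_addresses": ["203.0.113.5:9001", "[2001:db8::5]:9001"],
     "exit_addresses": []},
]

def host_of(or_address):
    """Strip the port from 'a.b.c.d:port' or '[v6]:port'."""
    host = or_address.rsplit(":", 1)[0]
    return ipaddress.ip_address(host.strip("[]"))

def lookup(table, addr):
    """Longest-prefix match; None when the table has no entry."""
    best = None
    for cidr, cc in table.items():
        net = ipaddress.ip_network(cidr)
        if addr.version == net.version and addr in net:
            if best is None or net.prefixlen > best[0]:
                best = (net.prefixlen, cc)
    return best[1] if best else None

def audit(relays, table_a, table_b, excluded):
    """Return (nickname, finding) pairs for relays that deserve a closer look."""
    findings = []
    for r in relays:
        or_addrs = [host_of(a) for a in r["or_addresses"]]
        exit_addrs = [ipaddress.ip_address(a) for a in r["exit_addresses"]]
        # Simplified model: exclusion is decided on ORPort addresses only.
        skipped = any(lookup(table_a, a) in excluded for a in or_addrs)
        if not skipped and any(lookup(table_a, a) in excluded for a in exit_addrs):
            findings.append((r["nickname"], "exit-address-in-excluded-country"))
        if any(lookup(table_a, a) != lookup(table_b, a) for a in or_addrs + exit_addrs):
            findings.append((r["nickname"], "geoip-sources-disagree"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(RELAYS, GEOIP_A, GEOIP_B, {"us"}):
        print(name, finding)
```

With `{"us"}` excluded, relayA is still selectable although its exit address maps to the US, and relayC is flagged because the two tables place it in different countries.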
teor wrote:
> For example, I run an exit in Canada, where some addresses were allocated from a Canadian block, and others were allocated from a US block. So if I wanted to, I could ORPort on a Canadian address, and Exit on a US one.
It sounds like a country should be set by an operator in torrc rather than relying on GeoIP.
> Behaving differently to most tor clients has always been a fingerprinting vector.
Does ExcludeExitNodes option change a number of packets/packet sizes sent or received by a client or do you mean a distributed fingerprint collected over a number of nodes?
On Mon, 07 Aug 2017 08:41:31 +0000, Alexander Nasonov wrote: ...
> It sounds like a country should be set by an operator in torrc rather than relying on GeoIP.
NSA: There are people excluding US exits? Just let's set some of ours to India. (Where that is probably not their modus
...
> Does ExcludeExitNodes option change a number of packets/packet sizes sent or received by a client or do you mean a distributed fingerprint collected over a number of nodes?
When Twitter notices one of their users always comes via tor, but never from US exits, and $otherservice does the same, they can collude and suspect that these two users are, in fact, the same person.
Andreas
Andreas Krey wrote:
> NSA: There are people excluding US exits? Just let's set some of ours to India. (Where that is probably not their modus
Tor enthusiasts: Hmm, advertised country doesn't match GeoIP, let's take a closer look ...
> When Twitter notices one of their users always comes via tor, but never from US exits, and $otherservice does the same, they can collude and suspect that these two users are, in fact, the same person.
It's a good point but I can think of a scenario where a user excludes a particular country or countries for legal reasons or based on a geopolitical situation.
Alex
On Mon, Aug 7, 2017 at 4:23 PM, Alexander Nasonov alnsn@yandex.ru wrote:
> Andreas Krey wrote:
>> NSA: There are people excluding US exits? Just let's set some of ours to India. (Where that is probably not their modus
> Tor enthusiasts: Hmm, advertised country doesn't match GeoIP, let's take a closer look ...
(psst: https://github.com/zackw/active-geolocator might be useful to anyone interested in taking a closer look)
zw