Go home GeoIP, you're drunk.
I moved a Tor relay to new hardware, keeping the keys. Both old and new server are located in Germany and provided by the same hosting company. After the latest Atlas update, I was surprised to see that the IPv4 address is listed as belonging to an AS in Ukraine. A little more digging returned Guangzhou, China, as the supposed location based on the server's IPv6 address. Is there anything I can/should do about this (I doubt it)? Will this affect my Tor node consensus weight? As it is not an exit node, I am hoping it won't matter much. -Ralph
Welcome to the wonderful world of drunk GeoIPs. They are not always correct, you didn’t expect that, right, RIGHT?
Is there anything I can/should do about this (I doubt it)?
No.
Will this affect my Tor node consensus weight?
Njet.
As it is not an exit node, I am hoping it won't matter much.
Get yourself booze and join your GeoIPs.
-Ralph
niftybunny
On Thu, Aug 03, 2017 at 11:52:00PM +0200, Ralph Seichter wrote:
Yeah, that pattern happens a lot with IPv4 addresses in Germany and Netherlands in particular, because they "lend" them out to more remote countries like Nigeria, and then take them back a few years later, and the whois databases are always a bit behind.
It should not affect your consensus weight -- that number is made by several vantage points actually making Tor circuits through relays including yours, and those vantage points don't care what the geoip database says about your IP address. --Roger
On 04.08.17 00:12, Roger Dingledine wrote:
It has only been two days, but the consensus weight has not changed much. As I expected, there was a noticeable drop in connections (the new IP addresses have to propagate through the Tor network after all), but the trend points upward. I'll keep an eye on things. -Ralph
Ralph Seichter wrote:
A bit off-topic but after updating the client to 0.3.0.10 I noticed that torstatus.rueckgr.at some times reports US based exits which are excluded by my config (ExcludeExitNodes {US}). Not a big deal for me but GeoIP manupulation is a potential attack vector to reveal identities of people who try to avoid certain countries. -- Alex
Different GeoIP sources have different country allocations. Also, this option only blocks exit nodes with ORPort addresses in the US. For example, I run an exit in Canada, where some addresses were allocated from an Canadian block, and others were allocated from a US block. So if I wanted to, I could ORPort on a Canadian address, and Exit on a US one.
Behaving differently to most tor clients has always been a fingerprinting vector. We need more research on how to exclude some nodes for some users safely. (It might not even be possible to do it safely.) T -- Tim Wilson-Brown (teor) teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmpp: teor at torproject dot org ------------------------------------------------------------------------
teor wrote:
It sounds like a country should be set by an operator in torrc rather than relying on GeoIP.
Behaving differently to most tor clients has always been a fingerprinting vector.
Does ExcludeExitNodes option change a number of packets/packet sizes sent or received by a client or do you mean a distributed fingerprint collected over a number of nodes? -- Alex
On Mon, 07 Aug 2017 08:41:31 +0000, Alexander Nasonov wrote: ...
It sounds like a country should be set by an operator in torrc rather than relying on GeoIP.
NSA: There are people excluding US exits? Just let's set some of ours to india. (Where that is probably not their modus ...
When twitter notices one of their users always comes via tor, but never from US exits, and $otherservice does the same, they can collude and suspect that these two users are, in fact, the same person. Andreas -- "Totally trivial. Famous last words." From: Linus Torvalds <torvalds@*.org> Date: Fri, 22 Jan 2010 07:29:21 -0800
Andreas Krey wrote:
NSA: There are people excluding US exits? Just let's set some of ours to india. (Where that is probably not their modus
Tor enthusiasts: Hmm, advertised country doesn't match GeoIP, let's take a closer look ...
It's a good point but I can think of a scenario where a user excludes a particular country or countries for legal reasons or based on a geopolitical situation. Alex
On Mon, Aug 7, 2017 at 4:23 PM, Alexander Nasonov <alnsn@yandex.ru> wrote:
(psst: https://github.com/zackw/active-geolocator might be useful to anyone interested in taking a closer look) zw
participants (7)
-
Alexander Nasonov -
Andreas Krey -
niftybunny -
Ralph Seichter -
Roger Dingledine -
teor -
Zack Weinberg