Is there a procedure I should follow if a relay has been seized by the police? Do DirAuths typically do something in cases where a relay is seized? I just got a message from NQHost stating that "We have received several police inquiries and court order to seize your VPS." This affects relay A1E0245862C707F977DF0EC79257C49CD5DA99FE.
Thanks, Kevin
Because you lost control of your exit relay, you should ask DirAuths to reject/refuse/ban your exit.
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Is there a better list than this one for doing so? I can't find a list that seems more appropriate on https://lists.torproject.org/cgi-bin/mailman/listinfo. Or do I have to email the DirAuths directly? If so, where do I find the addresses to use?
Hey Kevin,
Under the following URL you can find all authorities with their email addresses stated in the "contact" section. Please make sure you inform every single one of them in case you have lost any access to your VPS so you can't shut down/delete your relay.
and here's the URL I spoke of: https://atlas.torproject.org/#search/flag:Authority Sorry, I forgot to paste it in the email.
Kevin Beranek:
Is there a better list than this one for doing so? I can't find a list that seems more appropriate on https://lists.torproject.org/cgi-bin/mailman/listinfo. Or do I have to email the DirAuths directly? If so, where do I find the addresses to use?
That would be bad-relays@lists.torproject.org; I've forwarded your original email to the list. Please don't hesitate to email updates, questions or concerns.
Thanks, -- Nima
The "official way" is to email bad-relays@lists.torproject.org : https://blog.torproject.org/blog/how-report-bad-relays
They stop it, make a dump of the RAM and save the hard drive.
Am 06.11.2015 um 20:58 schrieb I:
How can they seize a virtual server? Which country are the police from?
Robert
Well, of course they take a dump of the RAM and stop it afterwards :-)
On 7 Nov 2015, at 07:20, Josef Stautner hello@veloc1ty.de wrote:
Well, of course they take a dump of the RAM and stop it afterwards :-)
The directory authorities are generally more concerned when they *don't* stop it afterwards, and instead keep running it, perhaps with extra logging, packet dumps, and decryption via seized private keys.
T
Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP 968F094B
teor at blah dot im OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
Thanks everyone. I sent an email to all of the DirAuth operators.
Russian, I assume because the relay was in Russia.
On Fri, Nov 6, 2015 at 12:49 PM, I beatthebastards@inbox.com wrote:
Which police?
On 7 Nov 2015, at 08:36, Kevin Beranek kevin@kberanek.com wrote:
Russian, I assume because the relay was in Russia.
Russia has over 200 mutual legal assistance treaties. Source: http://www.mlat.is/p/query-interface.html (requires JavaScript)
Sometimes it's impossible to tell where the investigation was initiated, even if the police force executing the seizure is local. (And even if it was foreign law enforcement, I'd be surprised if they told you anything.)
T
Hi Tim, everyone.
On 11/06/2015 08:41 PM, Tim Wilson-Brown - teor wrote:
The directory authorities are generally more concerned when they *don't* stop it afterwards, and instead keep running it, perhaps with extra logging, packet dumps, and decryption via seized private keys.
Is there a reliable way for an operator to detect this?
hope you are well t
On 10 Nov 2015, at 11:28, Tim Sammut tim@teamsammut.com wrote:
Is there a reliable way for an operator to detect this?
If the directory authorities have removed the relay from the consensus, only they will see its fingerprint in their logs.
If they haven't, and it's running on the public network, the fingerprint will be visible in Globe as a running relay. https://globe.torproject.org/
Tim
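A way to check what teor describes above, as an added example that is not from this thread or from the Tor project: it scans a saved copy of the network status consensus (the data Globe/Atlas display) for a hex fingerprint and reports whether the relay is still listed and whether it carries the Running flag. The "r"/"s" line layout follows Tor's dir-spec; the two relay entries in the sample are constructed.

```go
package main

import (
	"bufio"
	"encoding/base64"
	"encoding/hex"
	"fmt"
	"strings"
)

// Constructed excerpt shaped like a Tor consensus: per relay an "r" line
// (nickname, base64 identity, date, time, IP, ORPort, DirPort) and an "s"
// flags line. Relay one is made up; relay two is this thread's fingerprint.
const sampleConsensus = `r somerelay AAAAAAAAAAAAAAAAAAAAAAAAAAA 2015-11-06 12:00:00 192.0.2.10 9001 0
s Fast Guard Running Stable Valid
r seizedexit oeAkWGLHB/l33w7HklfEnNXamf4 2015-11-06 12:00:00 192.0.2.20 443 80
s Exit Fast Running Valid
`

// consensusIdentity: hex fingerprint (as on Globe/Atlas) -> unpadded base64 identity.
func consensusIdentity(fingerprintHex string) (string, error) {
	raw, err := hex.DecodeString(strings.ReplaceAll(fingerprintHex, " ", ""))
	if err != nil || len(raw) != 20 {
		return "", fmt.Errorf("not a 20-byte fingerprint: %q", fingerprintHex)
	}
	return base64.RawStdEncoding.EncodeToString(raw), nil
}

// RelayStatus: is the relay listed, and with which flags (nil when unlisted)?
func RelayStatus(consensus, fingerprintHex string) (bool, map[string]bool, error) {
	want, err := consensusIdentity(fingerprintHex)
	if err != nil {
		return false, nil, err
	}
	var flags map[string]bool // non-nil while inside the matching entry
	sc := bufio.NewScanner(strings.NewReader(consensus))
	for sc.Scan() {
		fields := strings.Fields(sc.Text())
		if len(fields) < 2 {
			continue
		}
		if fields[0] == "r" && flags != nil {
			return true, flags, nil // next entry begins; ours is complete
		}
		if fields[0] == "r" && len(fields) >= 3 && fields[2] == want { // identity is field 3 in full and microdesc consensuses
			flags = map[string]bool{}
		}
		if fields[0] == "s" && flags != nil {
			for _, f := range fields[1:] {
				flags[f] = true
			}
		}
	}
	return flags != nil, flags, sc.Err()
}
```

A relay that is listed and Running after the operator lost the box is the case to report to bad-relays@lists.torproject.org; a relay absent from the consensus has already been dropped by the authorities.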
Hi Tim, sorry.
On 11/10/2015 12:33 AM, Tim Wilson-Brown - teor wrote:
If the directory authorities have removed the relay from the consensus, only they will see its fingerprint in their logs.
If they haven't, and it's running on the public network, the fingerprint will be visible in Globe as a running relay.
I meant is it possible for a relay operator to detect if a snapshot of a running VM or VPS has been taken? Asked slightly differently, if I have a relay running as a VPS or VM, can I somehow detect if my provider took a snapshot of the relay without informing me?
Following from that, are uninterrupted snapshots of running VMs possible in all hypervisors or should we be using the provider's hypervisor technology choice to inform how we decide which providers to use?
thanks and hope you are well tim
On 10 Nov 2015, at 11:40, Tim Sammut tim@teamsammut.com wrote:
I meant is it possible for a relay operator to detect if a snapshot of a running VM or VPS has been taken? Asked slightly differently, if I have a relay running as a VPS or VM, can I somehow detect if my provider took a snapshot of the relay without informing me?
As far as I know, there are ways to detect some kinds of access, but I'm pretty sure there are exceptions.
Pedantically, I'm not even sure it's possible:
* to detect all memory snapshots on some physical hardware configurations.
* to detect whether you're running on a VM/VPS or dedicated machine (but most hypervisors will tell you).
However, it's worth noting that the Tor network security model relies on semi-trusted directory authorities and untrusted relays. Occasional compromises can be tolerated while maintaining overall network security (of course, some specific users of those relays may have some specific activity disclosed, particularly if information from multiple sources is combined).
Following from that, are uninterrupted snapshots of running VMs possible in all hypervisors or should we be using the provider's hypervisor technology choice to inform how we decide which providers to use?
I don't know enough to answer this.
Tim
On Tue, Nov 10, 2015 at 12:40:19AM +0000, Tim Sammut wrote:
I meant is it possible for a relay operator to detect if a snapshot of a running VM or VPS has been taken? Asked slightly differently, if I have a relay running as a VPS or VM, can I somehow detect if my provider took a snapshot of the relay without informing me?
Probably not. With most VM solutions, storage is pretty well abstracted from the virtual guests. I know that with Xen and OpenVZ, the typical way storage is provided (loopbacks) gives no way for the guest to see what the hypervisor is doing to the data. Furthermore, if the data is on a SAN, there are even more ways that the data can be snooped at without informing the guest of such activities.
Following from that, are uninterrupted snapshots of running VMs possible in all hypervisors or should we be using the provider's hypervisor technology choice to inform how we decide which providers to use?
Storage tech is mostly independent of virtualization tech. I don't think it really matters what hypervisor is used. Ultimately, the hypervisor must be trusted regardless of what storage is in use, so I don't think it really matters, either. If you're really worried about security, run your Tor node on hardware you control.
--Sean
On 10 Nov 2015, at 14:03, Sean Greenslade sean@seangreenslade.com wrote:
Probably not. With most VM solutions, storage is pretty well abstracted from the virtual guests. I know that with Xen and OpenVZ, the typical way storage is provided (loopbacks) gives no way for the guest to see what the hypervisor is doing to the data. Furthermore, if the data is on a SAN, there's even more ways that the data can be snooped at without informing the guest of such activities.
You could use an encrypted disk partition for key storage, but that only protects the keys "at rest", and not in memory.
There is also ongoing development work on offline ed25519 master identity keys. The master key need never be stored on the server itself. Instead, it is used to certify a number of medium-term signing keys, and those keys are then sent to the server. An operator can limit the scope of compromise to the number of signing keys on the server.
An operator can transmit the next signing key just before the previous one expires, limiting the scope of compromise to a single signing key.
There is also work on key revocation, where a key can be cancelled in the event of compromise.
See https://trac.torproject.org/projects/tor/ticket/13642 for more details.
Tim
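An added illustration of the offline master key scheme teor describes, not Tor's own code or certificate format: a simplified certificate (signing public key plus expiry, signed by the master key) stands in for Tor's ed25519 certificates, and the verifier shows that a signing key copied off the relay stops validating once its certificate expires, while the master private key never leaves the offline machine. The field layout of SigningCert is hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
)

// SigningCert: the medium-term signing public key plus an expiry, signed by
// the offline master key. A simplified stand-in for Tor's own cert format.
type SigningCert struct {
	SigningPub ed25519.PublicKey
	Expires    int64  // Unix seconds; the signing key is dead after this
	Sig        []byte // master-key signature over certBytes()
}

func (c *SigningCert) certBytes() []byte {
	b := make([]byte, 8, 8+ed25519.PublicKeySize)
	binary.BigEndian.PutUint64(b, uint64(c.Expires))
	return append(b, c.SigningPub...)
}

// NewMasterKey runs once on the offline machine; the private half never
// touches the relay.
func NewMasterKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// Certify also runs offline: mint a fresh signing key and a cert expiring at
// expiresUnix. Only the returned key and cert are copied to the relay.
func Certify(master ed25519.PrivateKey, expiresUnix int64) (ed25519.PrivateKey, *SigningCert, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	c := &SigningCert{SigningPub: pub, Expires: expiresUnix}
	c.Sig = ed25519.Sign(master, c.certBytes())
	return priv, c, nil
}

// VerifyChain is the client/authority side: the cert must carry a valid master
// signature and be unexpired, then msg must verify under the certified key.
func VerifyChain(masterPub ed25519.PublicKey, c *SigningCert, nowUnix int64, msg, sig []byte) error {
	if !ed25519.Verify(masterPub, c.certBytes(), c.Sig) {
		return errors.New("cert not signed by master key")
	}
	if nowUnix >= c.Expires {
		return errors.New("signing key certificate expired")
	}
	if !ed25519.Verify(c.SigningPub, msg, sig) {
		return errors.New("bad signature from signing key")
	}
	return nil
}
```

Rotating to a new signing key just before the old certificate expires, as teor suggests, keeps the relay running while bounding what a seized key is good for.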