Hello my fellow relay operators,
I just received an email that was sent to many relay operators' contact emails. The content is as follows:
// Start message
Hello to all the relays operators. My name is Zakwan Kalb. I'm investigating a possible ongoing end-to-end confirmation attack run by the Torproject.
Please reply to me if you have encountered one of the following and provide as much information as possible:
1. Your relay has been removed by the Torproject. (You've seen something like that in your log files: "http status 400 ("Fingerprint and/or ed25519 identity is marked rejected ...")
2. The Torproject added flags it's not supposed to add to your relays (BadExit, MiddleOnly)
3. You have been asked by the Torproject to install unknown software, spy on users or do something else that's suspicious
4. You know something about the ongoing attack
I have some evidence of the attack: the Torproject doesn't allow people to run relays by removing them from the network or making them unusable as Guard or Exit for no known reason for years. A random person cannot run a Guard or Exit relay. Thus the Tor network is entirely run by the people chosen by the Torproject by unknown criteria.
More evidence and details are needed. I think we need to discuss this issue with each other, contact the media and freedom of speech organizations and let people know what's happening.
// End message
Looking through his mailing list history it looks like he was asking about this same thing back in 2021. Just wanted to give everyone a heads up.
It doesn't seem like there's any malicious intent, maybe a bit of schizophrenia perhaps, but I've reached back out simply asking if he has any proof of anything actually going on just to appease my own curiosity.
I have no further comment about this.
Zachary
> Hello my fellow relay operators,
> It doesn't seem like there's any malicious intent, maybe a bit of schizophrenia perhaps, but I've reached back out simply asking if he has any proof of anything actually going on just to appease my own curiosity.
> (…)
> I have no further comment about this.
Thanks, Zachary.
Per the principle of not giving exposure, I avoided posting a message. After all, all of us are going to receive it. My only concern was, that perhaps only I got the email. Making that some weird kind of a phishing attack. Now it’s clear that’s not the case.
It seems that the person harvested emails and indiscriminately spammed everybody: the recipients list contains @torproject.org too.
I agree regarding this not being malicious. However. If we’re wrong, I see two options to be cautious about. It may be FUD against Tor: the network or the project. With the goal of either discouraging participation or presenting us to other observers as not caring. Or it may be an attempt to collect data on relay operators. What kind, I can’t tell, but this is the kind of message that triggers xkcd 386 and engaging in a mail exchange.
Cheers, keep relaying and carry on
Hello!
A couple of days ago, on 2025-02-06, an unknown family with 24 exit relays showed up in the Tor network. We followed our usual approach[1] in those cases: reaching out to the operator welcoming them in our community while at the same time being cautious and keeping the relays in a middleonly position until we know more about that large group.
It turns out that while this operator was using a different identity this time, they are a known attacker that showed up as Zakwan Kalb on our network previously. Some of you might remember them complaining about their relays being banned from the network more than three years ago and spreading fear, uncertainty and doubt (FUD) after that, including reaching out to some of you in private.[2] We heard they did that again on the weekend, this time accusing the Tor Project of, among other things, not allowing a random person to run relays and that the Tor network is run entirely by people chosen by us. Moreover, they alluded to us running a possible end-to-end confirmation attack in the Tor network itself.
None of those claims is correct and, therefore, please ignore that email in case you got it.
Moreover, such FUD tactics are to be expected by adversaries that try to harm the Tor network and who are confronted with the day-to-day work the network-health and community teams together with relay operators and directory authorities are doing to keep the network safe.
A strong community is a good remedy against those attempts to disrupt our network and project. Thus, let's stay vigilant and build trust in each other, and keep those bad actors we find out of the network.
Thanks, Gus
[1] https://blog.torproject.org/malicious-relays-health-tor-network/
[2] https://lists.torproject.org/mailman3/hyperkitty/list/tor-relays@lists.torpr...
On Mon, Feb 10, 2025 at 11:20:44AM +0100, mpan via tor-relays wrote:
> > Hello my fellow relay operators,
> > It doesn't seem like there's any malicious intent, maybe a bit of schizophrenia perhaps, but I've reached back out simply asking if he has any proof of anything actually going on just to appease my own curiosity.
> > (…)
> > I have no further comment about this.
> Thanks, Zachary.
> Per the principle of not giving exposure, I avoided posting a message. After all, all of us are going to receive it. My only concern was, that perhaps only I got the email. Making that some weird kind of a phishing attack. Now it’s clear that’s not the case.
> It seems that the person harvested emails and indiscriminately spammed everybody: the recipients list contains @torproject.org too.
> I agree regarding this not being malicious. However. If we’re wrong, I see two options to be cautious about. It may be FUD against Tor: the network or the project. With the goal of either discouraging participation or presenting us to other observers as not caring. Or it may be an attempt to collect data on relay operators. What kind, I can’t tell, but this is the kind of message that triggers xkcd 386 and engaging in a mail exchange.
> Cheers, keep relaying and carry on