[tor-dev] Should cloud-hosted relays be rejected?

grarpamp grarpamp at gmail.com
Tue Sep 1 04:41:46 UTC 2015

My sense of tor-relays is that "end users" as relay operators
(which presumably operate most relays, with places like
torservers doing the rest) just go looking for VPS accounts.
ie: compute platforms aren't their thing.

Which leaves the only real users of compute to be attackers
and researchers. The former we don't want, the latter we do.

Blocking compute seems fine based on its tiny resource contribution.
Researchers could come to Tor to unblock and share their project
though that could be discouraging, and there's currently no mechanism
for that.
Attackers often need lots of IP's and programmability at good cost,
which may not readily exist with VPS. Govts excepted.

On Mon, Aug 31, 2015 at 6:58 PM, nusenu <nusenu at openmailbox.org> wrote:
> Detecting new groups of relays in a single AS that all sign up in a

Blocking compute may limit the ability to openly survey the attack
space by forcing it to hide more.

> Please add that info (including the banned ISPs/ASes/IP ranges) to the
> documentation (i.e. relay setup guides [4])  so volunteers don't waste
> their time and money to setup blacklisted relays [5].


More information about the tor-dev mailing list