[tor-dev] protecting users from known relay groups with end-to-end correlation capabilities
nusenu at openmailbox.org
Fri Dec 2 21:50:00 UTC 2016
it is a well known fact that MyFamily is a largely ignored setting,
luckily this is not a problem in most cases because
- all relevant relays are run in a single /16
- are only guard relays (exit probability = 0*)
- are only exit relays (guard probability = 0*)
but there is a limited number of relay groups** that have actual
end-to-end correlation capabilities, meaning they are potentially chosen
by tor clients for the guard _and_ exit position, even if the odds are
(hopefully) not very high.
These potentially dangerous relay groups
- are run in multiple /16 netblocks
- have an exit _and_ guard probability of > 0 (because they run exits
Examples (generated daily):
How could the risk for tor clients be reduced?
(options after enough dir auths came to the conclusion that these relays
are in fact operated by a single entity)
1) try to contact the operators and give them time to fix it
I've done that multiple times but haven't been successful 
2) build tools to easily/automatically manage MyFamily
done, but it is unlikely to be used
3) assign them the badexit flag
since exits are a scarce resource, not very wise
4) assign them the badguard flag
there is no such thing ;)
5) blacklist the entry guards (that are outside the configured family)
6) change tor's path selection algorithm to never choose more than one
relay with a given non-empty non-default contact string?
This would basically turn the ContactInfo field into the PoS token
mentioned by Mike in . Since there are a few common contactInfo
strings this is probably not the best option without excluding them.
* if we can assume onionoo's values to be accurate and realistic
** they are considered to be operated by a single group due to their
contactInfo descriptor field. This string is not verified in any way and
can therefore result in false-positives.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 801 bytes
Desc: OpenPGP digital signature
More information about the tor-dev