[tor-relays] Google Compute Engine rejected as relay?
phw at nymity.ch
Fri Aug 21 17:40:39 UTC 2015

On Wed, Aug 19, 2015 at 10:00:54PM -0700, Greg wrote:
> I tried to spin up a relay on GCE a few days ago, and I found that it was
> outright rejected with a message like "Authdir is rejecting routers in this
> range". I don't have the IP handy now, but I could easily get another
> ephemeral IP.
> I thought I came across a thread saying that there was an attack on the tor
> network originating from GCE, and that's why it got blacklisted. I'm not
> finding that thread now. But is GCE going to be removed from the blacklist?
> I realize it's not a very economical place to run a relay.

I wonder if we wouldn't be better off with GCE remaining blocked. Cloud
platforms seem quite popular among attackers -- presumably because they
can quickly give you a large number of disposable machines. Naturally,
there will also be benign relays running on cloud platforms. We might
have to do some number crunching to ponder if the benefit of having
these benign relays outweighs the potential harm of attackers being able
to use GCE et al.

Second, and perhaps less obvious, Google is already in a privileged
position as many exit relays use Google's public DNS server as resolver.
If GCE machines end up being guard relays, Google might be able to
correlate some DNS requests of the Tor clients that end up selecting GCE