[tor-relays] suspicious "Relay127001" relays

Ivan Markin twim at riseup.net
Thu Jul 7 21:06:00 UTC 2016


simon:
> As I see it, removing via directory authority consensus is still the
> cleaner way, especially in a case of ~100 similar nodes.
>
> What came to my mind was something like a bugtracker for bad nodes.

Yes, but it's too crafty and should be done by hand. Doing so is error
prone/unstable/complicated/unscalable if there is no algorithms to seed
sybils out (like ones by Philipp Winter et. al.) in automatic manner
integrated into DirAuths.


> This way, all node operators can file suspicious nodes to be excluded,
> which achieves more than blacklisting on their tiny fraction of the network.
> It would introduce more transparency because relay operators can
> actually see someone is working on getting a dir auth consensus and get
> status updates; or at least there is a discussion why there won't be any
> blocking.

As any reporting this can open new attack surface for 'report sybils'
who report against some relays to influence path selection.

With peering policy, I see it like relay operator can decide that they
do accept ('accept' policy) only 'this-group-of-relays' and nothing
more. In case when a new group of sybils appears it cannot be used with
the relay. It raises diversity in the network. So if something goes
wrong with global or fenced 'part' of the network, it can have less
damage since not all relays are affected.
It's more like not all relays on the Tor network are exits. And it's for
a reason, e.g. one can get into a legal trouble for running an Exit node
in some countries but everything is fine without exiting there.

--
Ivan Markin



More information about the tor-relays mailing list