[tor-relays] 4 of Conrad Rockenhaus trial servers are in the top ten exit relays for Canada

Nathaniel Suchy me at lunorian.is
Tue Aug 28 02:45:57 UTC 2018


Hi again,

> A valid point, thanks for linking the paper. I have the utmost belief
> your intentions are good, but the concentration of exits under a
> non-advertised central control warrants conversation, at least.

Discussing the best way to handle this is important. However, I think it's
unfair to expect one small provider to go through the hassle of correlating
MyFamily across customers, while big providers like DigitalOcean are fine.

> If you grow beyond a /24, it's worth knowing that Tor's current path
> selection avoids the same /16 for IPv4, and will soon avoid the same
> /32 for IPv6:
> https://trac.torproject.org/projects/tor/ticket/24393

Avoiding the same /32 will be very positive as IPv6 relays become more
widespread.

> If the end goal is turning $ into relays, not all paths are paved with
> equal mind to security and it might be worth considering donation-backed
> alternatives.

Two things here:

1) We are hosting more than just Tor relays. While Tor relay operators are
a target demographic, over time we expect to be a free speech friendly
hosting provider, and also already offer remote desktops and a VPN service.
In the future it's quite possible that we may have a donation option for
managed Tor exits. There are a lot of options we could take.
2) While we can technically access a customer's data if we're motivated
enough - we believe splitting control across different operators is
important.

> One might worry more what Mega and Gigacorps are doing,
> secret partner friendly endeavours with Govts against you,
> than what some tiny ISP or whoever is doing with a few boxes.

It's quite true hosting providers might collude with law enforcement. Tor
isn't designed to fight against a global passive adversary, and there isn't
enough research on protecting against such a powerful adversary.

> And was posted here many times about creating additional trust
> models and layers for relays, audits metrics and choices for users
> beyond the CIDR/nn and Family game that might go towards
> satisfying some reasonable concerns in that space... but crickets.
>
> And when you can't trust your CPUs, ISPs, operators, Govts, or
> even your own anonymous overlay networks strength against them...
> it's probably time for strategic rethink.

When it gets to the point you are worried all computers have a hardware
backdoor, maybe computers and the internet are too dangerous for your
threat model and you should consider alternate ways of communication not
involving technology.

Teor: I read your email regarding off-topic emails and I agree. I'm going
to create a new thread regarding path selection and relays at the same
hosting provider. I don't want to continue a thread regarding Conrad's and
my services as that's been discussed enough. Let's discuss path
selection among the same hosting provider in general.

On Mon, Aug 27, 2018 at 10:09 PM teor <teor at riseup.net> wrote:

> > On 28 Aug 2018, at 10:47, Nathaniel Suchy <me at lunorian.is> wrote:
> >
> > Tor will already avoid making circuits where two IP Addresses in the
> > same /24 are involved.
>
> If you grow beyond a /24, it's worth knowing that Tor's current path
> selection avoids the same /16 for IPv4, and will soon avoid the same
> /32 for IPv6:
> https://trac.torproject.org/projects/tor/ticket/24393
>
> T
>
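
Added example, not part of the original message and not Tor's own code: a short Python check that groups a set of relay addresses by the prefixes named in the thread (same /16 for IPv4, same /32 for IPv6, the latter described there as upcoming) and lists which relay pairs the subnet rule alone would keep out of one circuit. The relay names and addresses are constructed from documentation ranges.

```python
import ipaddress
from itertools import combinations

# Prefix lengths taken from the quoted message: same /16 for IPv4,
# same /32 for IPv6 (the IPv6 rule is described there as upcoming).
PREFIX = {4: 16, 6: 32}

# Constructed sample relays (documentation address ranges, not real relays).
RELAYS = {
    "exitA": "198.51.100.10",
    "exitB": "198.51.101.20",     # different /24, same /16 as exitA
    "exitC": "203.0.113.5",       # different /16
    "exitD": "2001:db8:1::1",
    "exitE": "2001:db8:ffff::2",  # same /32 as exitD
    "exitF": "2001:db9::1",       # different /32
}


def subnet_key(addr):
    """Return the network used for the same-subnet comparison."""
    ip = ipaddress.ip_address(addr)
    return ipaddress.ip_network(f"{ip}/{PREFIX[ip.version]}", strict=False)


def classify_pairs(relays):
    """Split relay pairs into those the subnet rule keeps apart and the rest."""
    excluded, allowed = [], []
    for (n1, a1), (n2, a2) in combinations(sorted(relays.items()), 2):
        k1, k2 = subnet_key(a1), subnet_key(a2)
        # Only addresses of the same family can share a subnet.
        if k1.version == k2.version and k1 == k2:
            excluded.append((n1, n2))
        else:
            allowed.append((n1, n2))
    return excluded, allowed


if __name__ == "__main__":
    excluded, allowed = classify_pairs(RELAYS)
    print("kept apart by the subnet rule:", excluded)
    print("not covered by it (a shared operator would need MyFamily):", allowed)
```

Pairs in the second list are the case the thread is about: relays at one provider that sit in different subnets are only kept apart if they are declared in MyFamily.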

