[tor-relays] Possible problem with NYX

Damian Johnson atagar at torproject.org
Wed Sep 5 16:14:21 UTC 2018

> There are so many edge cases for this check.
> Flags are a *recommendation* to clients. They don't force clients
> to behave a certain way.
> For example:
> * clients connecting via bridges can use a middle node as their
>   second hop. These middle nodes will leak bridge addresses via nyx.
> * clients and relays can have different consensuses:
>   * if a relay loses the Guard flag, and finds out earlier than its clients,
>     nyx will stop protecting those clients
>   * if a client finds out before the relay, nyx won't protect those clients
> * some Tor client versions don't check the guard flag at all. Others
>   keep their guards, even if they lose the flag
> * middle and exit relays can be used as bridges, even if they don't set
>   BridgeRelay
> * older Tor versions have a non-zero probability of choosing any relay
>   as an entry, even if it doesn't have the guard flag
> * various config options make tor clients ignore the Guard flag
> Please only show an IP if the relay is already public in the consensus.

Thanks teor, great point. Will do:

More information about the tor-relays mailing list