[tor-relays] >23% Tor exit relay capacity found to be malicious - call for support for proposal to limit large scale attacks

[Jonas]

Hi, 

Overall supportive of ways to manage bad relays. I switched to bridges because the MyFamily nonsense is too much of a burden to maintain (even with the hacks available on the tor wiki). If you can detect the "bad relays", why not simply flag them and move on? I read this to mean that nusenu and tor have a different definition of "bad relay" and those with the ability to ban are not as ready to destroy 20% of exit capacity.

A few concerns about the proposed plans. Putting a validated email address in a public field is a concern. It becomes trivial to scrape the address and spam the relay operator. Personally, this is a problem for now (2,500 spam emails in the past week). Potentially, someone is targeting relay operator contact info. I only use this email for tor relays (and posting to this list). I believe this is my first post to the list, so the only ways someone could find my address is from my public relay or if tor's mailing list system is compromised. Alternatively, riseup is compromised because "bad-relays at riseup.net" emailed the address from my public relay contact info field.

Require PGP/GPG is silly. It is a failed system and is easily exploited to find all connections in a social network map. Even the US EFF wants you to stop using it[1]. The system was exploitable for a decade before users noticed. One can be sure governments exploited this heavily.

Physical address verification is unacceptable. Not only would tor possibly know a mailing address, some third party organization also knows it (RiseUp, CCC, DFRI). Under GDPR, I want to know their data handling practices and then subsequently ask them to remove any of my data. With this scenario, we are all a single legal request away from a government agency having all of this data. I understand the USA and EU abuses this system constantly with secret requests. Police and intelligence agencies already have thousands of idle shelf companies waiting to be used. All this requirement does is kick out private citizens and hands the tor network to large entities. 

This returns me to the original question, if "bad relays" are already detected, then why not simply enforce bans against these relays? You are already actively managing the capacity of the network by dumping tor releases deemed to be old or bad in some ways.

1. https://www.eff.org/deeplinks/2018/05/attention-pgp-users-new-vulnerabilities-require-you-take-action-now