[tor-relays] >23% Tor exit relay capacity found to be malicious - call for support for proposal to limit large scale attacks
lists at for-privacy.net
Sun Jul 12 03:07:03 UTC 2020
On 09.07.2020 00:20, Jonas wrote:
> If you can detect the "bad relays", why not simply flag them and move
> on?
I agree with you on publicizing bad relays and locking them faster.
Personally, I blocked some exits in my Tor browser. E.g. these expensive
high bandwidth (unnamed & without mail contact)
https://metrics.torproject.org/rs.html#toprelays
> A few concerns about the proposed plans. Putting a validated email
> address in a public field is a concern. It becomes trivial to scrape
> the address and spam the relay operator. Personally, this is a problem
> for now (2,500 spam emails in the past week).
However, the validation email address only needs to be available for a
short time.
Many providers require that you have an abuse address for an exit
server. I have my email not obfuscated and hardly get any spam.
And when I get some, I will change it. ;-)
https://metrics.torproject.org/rs.html#search/TorOrDie4privacyNET
(greylisting, amavisd & spamassassin can help)
> Require PGP/GPG is silly. It is a failed system and is easily exploited
> to find all connections in a social network map. Even the US EFF wants
> you to stop using it[1]. The system was exploitable for a > decade
> before users noticed.
PGP/GPG should be used here for verification, not for encryption. Every
Debian or GitHub package is GPG signed.
> With this scenario, we are all a single legal request away from
> a government agency having all of this data. I understand the USA and
> EU abuses this system constantly with secret requests. Police and
> intelligence agencies already have thousands of idle shelf companies
> waiting to be used.
I am sure that they have direct access to DNS Whois address owner. And
the address lists of large providers (Hetzner, OVH and Online S.a.s)
will have had them for a long time.
Old rule: 'follow the money'. Anyone who does not use Monero to pay for
their servers @ provider is known to them. Combating terrorism and child
pornography makes it possible.
They don't have to come to the Tor Project office with a legal request
;-)
Tor Project has had my address and bank details for a long time.
The people from the CCCCologne know where I live anyway. Ah, and
niftybunny too.
--
╰_╯ Ciao Marco!
Debian GNU/Linux
It's free software and it gives you freedom!