[tor-relays] >23% Tor exit relay capacity found to be malicious - call for support for proposal to limit large scale attacks

Charly Ghislain charlyghislain at gmail.com
Sun Jul 12 12:40:34 UTC 2020 

There seems to be a consensus toward building a web of trust.
Thinking about it again, I don't like much the direction it is going.

I see tor as a web of untrust actually. I never much appreciated the power
already granted to
directory authorities. I want to be able to use any relay (I choose) as
guard or exit easily
(at the operator's discretion), but currently unless Im mistaken I need to
wait for those authorities
to flag them as appropriate.

Some of this power makes sense at the network level to balance traffic
fluently between relays and
decrease the probability of bad actors obtaining meaningful data, but
others like the recent ban
initiated by nunseu sounds like abuse to me. His proposal moves forward in
that direction imo.

To be clear, I rely on him and others monitoring the network for bad actors
and I believe
they made the right move when kicking them off.

However I think it would be preferable to keep as much as possible the open
design at the network level.
Anything trying to build a web of trust should be completely separate, for
instance published white and blacklists.
Authorities flagging relays with verified email or physical addresses could
publish their lists, and this could
be used by the clients with the default configuration.
But no single relay - however bad someone thinks it is - should be kicked
off the network by the network itself.
Especially not on the basis of individual human decisions.

There are a lot of other ways to mitigate sybil attacks, and contrary to
the blog post statement that tor can handle
some malicious relay only, I believe the design allows for a network
entirely powered by malicious relays provided they
are belonging to different actors and sufficiently distributed amongst
them. I personally would not trust any relay Im
not operating directly.

Isn't it a good time to move more decisions to the clients, like choosing
between speed vs randomness, agreeing on
blacklists/whitelists of some authority, etc?
Im sorry if I missed some obvious goals of the project or that Im bringing
up previously discussed options.

c
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20200712/4f764047/attachment.htm>

More information about the tor-relays mailing list