[tor-relays] I bumped out some more bad relays
Croax
croax at pepta.net
Sat Oct 31 08:37:38 UTC 2020
Hi all
On Fri, 2020-10-30 at 23:05 -0400, Roger Dingledine wrote:
> I spent some time this week refining a new exit scanner, and today we
> pushed some new reject rules to kick out some relays that we
> confirmed
> were running mitmproxy to do more sslstrips.
Good. Does this mean it will be check and bumped more regularly?
I see that lots of relays are running for more than one month from
now.
> Expect some upcoming next steps that aim to change the fundamental
> arms
> race, including experiments to use https by default in Tor Browser,
> either
> via HTTPS Everywhere's "Encrypt All Sites Eligible" option (you can
> turn
> that on right now) or via Firefox's upcoming built-in version of the
> idea:
> https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/19850
Yes. From the browser perspective, HTTPS should be enforced whatever
the context. We may blame final Tor users or website administors for
not following security guidance (eg. HSTS preload) but in the end it is
the Tor user privacy that is compromised. This is lasting for months
and could have been easily prevented. This game of cat and mouse is not
good for Tor reputation.
Thanks
--
Croax
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20201031/4a23e122/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: This is a digitally signed message part
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20201031/4a23e122/attachment.sig>
More information about the tor-relays
mailing list