[tor-relays] I bumped out some more bad relays
Roger Dingledine
arma at torproject.org
Sat Oct 31 11:12:35 UTC 2020
On Sat, Oct 31, 2020 at 09:37:38AM +0100, Croax wrote:
> Good. Does this mean it will be check and bumped more regularly?
> I see that lots of relays are running for more than one month from
> now.
I hope so. I plan to keep running my new scripts and see where things
go. Part of it depends on the next steps of the jerk who is doing this.
Or said from the other side: if you find a misbehaving relay, or if you
find that a particular url seems like it's being intercepted even if
you can't figure out which relay is doing it, please report it!
The sad version of the story is that there's a "long tail" of possible
sites that they could mess with, and if they only mess with unpopular
or uncommon, it might be a while until anybody notices.
But the happy version of the story is that the more we and others check,
the farther down the long tail we push them, i.e. the lower profile they
need to be to remain unnoticed. And pushing them down the long tail is
also hopefully pushing them towards the point where their operations
are unprofitable.
I am definitely missing the in-person gatherings around the world here.
It used to be that we could say "Oh, you're in country X? Why don't
you meet with so-and-so who is nearby to you" and then build human
trust relationships. This year nobody meets anybody, and it is having
surprising second-order effects like limiting the growth of the global
internet freedom community.
> Yes. From the browser perspective, HTTPS should be enforced whatever
> the context. We may blame final Tor users or website administors for
> not following security guidance (eg. HSTS preload) but in the end it is
> the Tor user privacy that is compromised. This is lasting for months
> and could have been easily prevented. This game of cat and mouse is not
> good for Tor reputation.
I completely agree.
You're seeing the intersection of two core areas of Tor -- "Tor Browser"
and "network health" -- that were both impacted more than average by
our covid budget cuts. We definitely have gotten the attention of the
Tor Browser devs now, and these steps are on their roadmaps, so I'm
optimistic that we'll have some not-just-cat-and-mouse improvements in
the medium term.
--Roger
More information about the tor-relays
mailing list