[tor-relays] relay impersonation (contactinfo)

nusenu nusenu-lists at riseup.net
Wed Mar 31 22:25:41 UTC 2021 

Hi,

I'd like to raise your awareness of an ongoing scheme of questionable entities that 
make use of your name or relay contactinfo and/or relay nicknames. Those using other people's
relay _nicknames_ got and get spotted by multiple people already and are somewhat obvious (at least for now), 
but I'd like to highlight those using familiar names in contactInfo
that are likely less frequently uncovered because people lookup their relays by searching for
their relay nicknames (and not so often by searching their contactinfo).

So here are two practical things that you can do to help uncover more of them:

- list your relay fingerprints under the well-known tor-relay URI: https://<your domain>/.well-known/tor-relay/rsa-fingerprint.txt
and add "url:<your domain> proof:uri-rsa ciissversion:2" to your ContactInfo
to allow for automated linkability verification. 
This protects your relays against spoofing of the url field.
A domain is not required: You can use github-pages or similar if you do not have a domain.
more details:
https://gitlab.torproject.org/tpo/core/torspec/-/blob/master/proposals/326-tor-relay-well-known-uri-rfc8615.md
https://nusenu.github.io/ContactInfo-Information-Sharing-Specification/
Thanks to the 291 relays, that allow for automated verification already.
Verifiable relay groups also get graphs on OrNetStats, for an example see: https://nusenu.github.io/OrNetStats/artikel10.org.html

- search for your names/nicknames/org names/... in the ContactInfo field. On Relay Search you can do so using "contact:searchstring"
Be creative in your search terms. This even makes sense if you do not run relays at all but your name is somewhat known in this context.


kind regards,
nusenu





-------- Forwarded Message --------
Subject: tor relays rosiwig429(at)lidte(dot)com
Date: Tue, 30 Mar 2021 23:55:01

> 2021-03-29
> 
> |   Up |   Ext | JoinTime   | IP             | AS                                       | CC   |   ORp |   Dirp | OS    | Version   | Nickname         |   eFamMembers | FP                                       |
> |------+-------+------------+----------------+------------------------------------------+------+-------+--------+-------+-----------+------------------+---------------+------------------------------------------|
> |    1 |     1 | 06:25:11   | 103.82.32.14   | CMC Telecom Infrastructure Company       | vn   |  9001 |   9030 | Linux | 0.4.5.7   | coffswifi5       |             1 | B8D95BB1AAFB6F234EC50A100F46E4CC8E8E90FB |
> |    1 |     1 | 07:34:40   | 78.138.135.110 | Ojsc oao Tattelecom                      | ru   |  9001 |   9030 | Linux | 0.4.5.7   | artikel5ev3b2    |             1 | 771C9BC56DF4B29BA97CAA9387FB1FC140CFE3E3 |
> |    1 |     1 | 13:43:04   | 103.56.156.143 | VNPT Corp                                | vn   |  9001 |   9030 | Linux | 0.4.5.7   | CalyxInstitute18 |             1 | 04998AB63A49C4A0B5A5CD2994D95D098D2B5399 |
> |    1 |     1 | 14:28:18   | 77.245.158.134 | Niobe Bilisim Teknolojileri Yazilim San. | tr   |  9001 |   9030 | Linux | 0.4.5.7   | Merlin2          |             1 | B4285A497939D190739C976B947053D6CC0AE07C |


-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20210401/cebdb41e/attachment.sig>

More information about the tor-relays mailing list