[tor-relays] >50% tor exit capacity is now safer against ContactInfo impersonation attacks

nusenu nusenu-lists at riseup.net
Thu Sep 9 22:47:00 UTC 2021


Hi,

when analyzing unusual activities on the tor network
one of the problems always was the fact that tor relay ContactInfos are
an unverifiable claim. This has been exploited by malicious entities multiple times
to set up malicious relays using other people's contact details.

Since the release of the ContactInfo Information Sharing Specification (version 2)
in October 2021 there is an easy option to set up ContactInfo strings that contain a non-spoofable domain
to address this issue.
https://lists.torproject.org/pipermail/tor-relays/2020-October/019024.html


By now over 900 tor relays have set a verifiable domain in their ContactInfo,
and this week the landmark of 50% of the tor network's exit capacity has been reached.
graph:
https://nusenu.github.io/OrNetStats/exit-fractions
(since so many operators implemented the spec the mouse-over on that graph
is a bit overwhelmed - I'll fix that soon-ish :)

It is important to note that a verifiable domain in a ContactInfo string does _not_ mean
"this relay is certainly not malicious"
after all, malicious relay operators can set up verified domains as well
with a domain under their control, but having non-spoofable operator identifiers is the
foundation for operator trust based relay selection.
It is easier to say
"I trust www.quintex.com to operate relays without malicious intent"
than to say
"I trust CC14C97F1D23EE97766828FC8ED8582E21E11665,DE4F7A7B2DF8689B1F8D23ABA9E320D17638EAFD, ..."
because relay fingerprints are not human readable and are more likely to change over time.


In case you want to join the effort or simply would like to see
your operator level graphs - a nice side effect (example: https://nusenu.github.io/OrNetStats/hydra-family.github.io.html),
here is the short version on how to set a verifiable domain in your ContactInfo:
https://mastodon.social/@nusenu/106094297537909911


Thanks to everyone who joined so far and
indirectly helps with malicious relay analysis!

kind regards,
nusenu

-- 
https://nusenu.github.io
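
Added example (not part of the post above, and not code from the specification or from OrNetStats): a sketch of how a verifier can check a ContactInfo domain claim, and why copying someone else's ContactInfo string no longer passes. It assumes the `uri-rsa` proof type of the ContactInfo Information Sharing Specification, where the domain named in `url:` lists its relays' RSA fingerprints at `/.well-known/tor-relay/rsa-fingerprint.txt`; the domain, the fingerprints and the `fetch` stand-in for an HTTPS request are constructed.

```python
from urllib.parse import urlsplit

def parse_contactinfo(contact):
    """Split a space-separated key:value ContactInfo string; first key wins."""
    fields = {}
    for token in contact.split():
        key, sep, value = token.partition(":")
        if sep and value:
            fields.setdefault(key, value)
    return fields

def proof_url(fields):
    """Return the well-known proof URL, or None if no uri-rsa proof is claimed."""
    if fields.get("proof") != "uri-rsa" or "url" not in fields:
        return None
    url = fields["url"]
    host = urlsplit(url if "://" in url else "https://" + url).hostname
    if not host:
        return None
    return f"https://{host}/.well-known/tor-relay/rsa-fingerprint.txt"

def is_verified(relay_fp, contact, fetch):
    """True only if the claimed domain itself lists this relay's fingerprint."""
    url = proof_url(parse_contactinfo(contact))
    if url is None:
        return False
    # One fingerprint per line; blank lines and '#' comments are ignored.
    listed = {line.strip().upper() for line in fetch(url).splitlines()
              if line.strip() and not line.lstrip().startswith("#")}
    return relay_fp.upper() in listed

# Constructed sample data (not real relays or domains).
OPERATOR_FP = "0123456789ABCDEF0123456789ABCDEF01234567"
IMPOSTOR_FP = "FEDCBA9876543210FEDCBA9876543210FEDCBA98"
CONTACT = ("email:tor[]operator.example url:https://operator.example "
           "proof:uri-rsa ciissversion:2")
WEB = {"https://operator.example/.well-known/tor-relay/rsa-fingerprint.txt":
       "# relays operated by operator.example\n" + OPERATOR_FP.lower() + "\n"}

def fetch(url):
    """Offline stand-in for an HTTPS GET against the claimed domain."""
    return WEB.get(url, "")

if __name__ == "__main__":
    print("operator relay:", is_verified(OPERATOR_FP, CONTACT, fetch))
    print("copied ContactInfo:", is_verified(IMPOSTOR_FP, CONTACT, fetch))
```

The check is bidirectional: the relay names the domain, and the domain must name the relay, so a relay that only copies the string is left unverified.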

