25 tbreg relays in directory
peihanru at gmail.com
Sun Jun 28 12:09:25 UTC 2009
On 2009-04-27 18:27 CST, Scott Bennett wrote:
> torstatus currently shows 25 different relays that are all named "tbreq"
> and appear to be in China. I wonder whether these are due to some benighted
> user restarting tor after clearing its key files every time, or whether there
> may be several that are all owned by one organization. All but four are
> marked as being "offline".
I finally got a plausible answer a few days ago.
The short answer is, someone are making use of Tor to do nasty things,
and all "tbreg"s aren't aware they are running Tor relays.
The long answer.
"tbreg" stands for "TaoBao REGistrar". TaoBao is an eBay-like website in
China. Some sellers want to quickly increase their reputations
(so-called refresh) in order to attract more buyers. The first thing for
them is to register multiple accounts. However, TaoBao is rigorous on
this, a single IP is only allowed to register one or two accounts. So,
someone realize this need and begin to sell softwares which
automatically register large number of TaoBao accounts. Tor, together
with Privoxy are used as a HTTP proxy to bypass the IP restriction. For
some reasons I don't understand, this software will run Tor as a relay.
I've downloaded the software and tested, the version of Tor in it is
indeed 0.2.1.2-alpha, torrc in it is
SocksPort 9050 # what port to open for local application connections
SocksListenAddress 127.0.0.1 # accept connections only from localhost
You may test yourself, the download link is
Finally some random thoughts.
1. We shall be reassured for a moment, these relays won't do much harm
to the Tor network. I'm more concerned about the people running these
relays, their computers aren't protected at all. But considering the
things these guys are doing... well, let it go!
2. Why Tor runs in a relay mode?
3. Should these "tbreg"s be banned from the Tor network? If so, what's
the best way to do?
More information about the tor-talk