[tor-talk] Automatic vulnerability scanning of Tor Network?

Nick Mathewson nickm at alum.mit.edu
Tue Dec 20 19:06:19 UTC 2011

On Tue, Dec 20, 2011 at 1:35 PM, Fabio Pietrosanti (naif)
<lists at infosecurity.ch> wrote:

>> Absolutely brilliant.  Someone donates to your cause and, if they
>> don't come up to your standards, you do your best to ensure they get
>> pwned instead of just dropping them from the donor list.
> If you want to participate to the Tor Network you must responsible, that
> means also keeping your system secure.

When I read Lee's above paragraph, I worry Lee might have gotten the
idea that Fabio is speaking for Tor in some official capacity.  So:
Please be aware that Fabio is speaking for himself, and does not speak
on behalf of the Tor Project.

For my own part, I am perfectly fine with the idea of working *with*
server operators to help them secure their systems, and with making
sure that only secure systems are on the network.  But efforts in this
area need to work with the foreknowledge and consent of node
operators, and not alienate our volunteer community.  Also, the
appropriate response to horribly insecure servers on the network would
be to inform the operators and de-list the servers if they didn't get
fixed--not to publicly post them but leave them on the network.  That
would be the worst of all worlds.


More information about the tor-talk mailing list