[tor-talk] current policy on: giving entire families the badexit flag

grarpamp grarpamp at gmail.com
Sat Apr 25 07:22:34 UTC 2015


> if a single or multiple exit relays in a
> declared MyFamily do things that get them the badexit flag. Will other
> relays in that family also get that flag?
>
> One such example is the following family where 2 out of 3 got the bad
> exit flag (the ones that got the flag were probably shutdown since
> they are of no use to the attacker anymore):

A bad exit is a badexit. If someone's operating a bad family, especially
a widely distributed one, and plays quiet when their name is called on
these lists, I'd sink the whole family and ask questions later. An upstream
could be causing the bad exit, affecting some percent of the family from
0-100, so fault might not be the operator if they were narrow, but they're still
systems manager and hopefully able to fix or cancel the bad exit situation.
Probably have to look at the benefit to the net vs the severity of the nature
of the bad exit and its possible relation to the family and upstream.
A HS email contact is not unreasonable even for silent anon operators.
They can cover any issue in public or in private to badexit as desired
or at least receive reports. And are not the top bandwidth operators of
generally known, leading to not much impact if a sub 20% family gets
k-lined? So probably then safer to sink when in doubt.


More information about the tor-talk mailing list