Re: [tor-relays] Exit in Turkey blocking torproject (komm EA93C), BadExit, Node Subscription Services, Censorship
What if a Tor Bridge blocked connections to the tor network to selective client IPs? Would we keep it in BridgeDB because its sometimes useful? On Thu, Aug 30, 2018 at 10:02 PM arisbe wrote: > Children should be seen and not herd. The opposite goes for Tor relays. > Arisbe > > > On 8/30/2018 2:11 PM, Nathaniel Suchy wrote: > > So this exit node is censored by Turkey. That means any site blocked in > Turkey is blocked on the exit. What about an exit node in China or Syria or > Iraq? They censor, should exits there be allowed? I don't think they > should. Make them relay only, (and yes that means no Guard or HSDir flags > too) situation A could happen. The odds might not be in your favor. Don't > risk that! > > Cordially, > Nathaniel Suchy > > On Thu, Aug 30, 2018 at 3:25 PM grarpamp wrote: > >> This particular case receiving mentions for at least a few months... >> D1E99DE1E29E05D79F0EF9E083D18229867EA93C kommissarov 185.125.33.114 >> >> The relay won't [likely] be badexited because neither it nor its upstream >> is >> shown to be doing anything malicious. Simple censorship isn't enough. >> And except for such limited censorship, the nodes are otherwise fully >> useful, and provide a valuable presence inside such regions / networks. >> >> Users, in such censoring regimes, that have sucessfully connected >> to tor, already have free choice of whatever exits they wish, therefore >> such censorship is moot for them. >> >> For everyone else, and them, workarounds exist such as,,, >> https://onion.torproject.org/ >> http://yz7lpwfhhzcdyc5y.onion/ >> search engines, sigs, vpns, mirrors, etc >> >> Further, whatever gets added to static exitpolicy's might move out >> from underneath them or the censor, the censor may quit, or the exit >> may fail to maintain the exitpolicy's. None of which are true >> representation >> of the net, and are effectively censorship as result of operator action >> even though unintentional / delayed. >> >> Currently many regimes do limited censorship like this, >> so you'd lose all those exits too for no good reason, see... >> https://ooni.torproject.org/ >> >> https://en.wikipedia.org/wiki/Internet_censorship_and_surveillance_by_country >> >> And arbitrarily hamper spirits, tactics, and success of volunteer >> resistance communities and operators in, and fighting, such regimes >> around the world. >> >> And if the net goes chaotic, majority of exits will have limited >> visibility, >> for which exitpolicy / badexit are hardly manageable solutions either, >> and would end up footshooting out many partly useful yet needed >> exits as well. >> >> >> If this situation bothers users, they can use... SIGNAL NEWNYM, >> New Identity, or ExcludeExitNodes. >> >> They can also create, maintain and publish lists of whatever such >> classes of nodes they wish to determine, including various levels >> of trust, contactability, verification, ouija, etc... such that others >> can subscribe to them and Exclude at will. >> They can further publish patches to make tor automatically >> read such lists, including some modes that might narrowly exclude >> and route stream requests around just those lists of censored >> destination:exit pairings. >> >> Ref also... >> https://metrics.torproject.org/rs.html#search/as:AS197328%20flag:exit >> https://metrics.torproject.org/rs.html#search/country:tr%20flag:exit >> >> >> In the subect situations, you'd want to show that it is in fact >> the exit itself, not its upstream, that is doing the censorship. >> >> Or that if fault can't be determined to the upstream or exit, what >> would be the plausible malicious benefit for an exit / upstream >> to block a given destination such that a badexit is warranted... >> >> a) Frustrate and divert off 0.001% of Turk users smart enough to >> use tor, chancing through tor client random exit selection of your >> blocking exit, off to one of the workarounds that you're equally >> unlikely to control and have ranked, through your exit vs one >> of the others tor has open? >> >> b) Prop up weird or otherwise secretly bad nodes on the net, >> like the hundreds of other ones out there, for which no badexit >> or diverse subscription services yet exist to qualify them? >> >> c) ??? >> >> Or that some large number of topsites were censored via >> singular or small numbers of exits / upstreams so as to be >> exceedingly annoying to the network users as a whole, where >> no other environment of such / chaotic widespread annoyance >> is known to exist at the same time. >> ___ >> tor-relays mailing list >> tor-relays@lists.torproject.org >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >> > > > ___ > tor-relays mailing > listtor-relays@lists.torproject.orghttps://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > > > -- > One person's moral compass is another person's face in the dirt. > >
Re: [tor-relays] Exit in Turkey blocking torproject (komm EA93C), BadExit, Node Subscription Services, Censorship
Children should be seen and not herd. The opposite goes for Tor relays. Arisbe On 8/30/2018 2:11 PM, Nathaniel Suchy wrote: So this exit node is censored by Turkey. That means any site blocked in Turkey is blocked on the exit. What about an exit node in China or Syria or Iraq? They censor, should exits there be allowed? I don't think they should. Make them relay only, (and yes that means no Guard or HSDir flags too) situation A could happen. The odds might not be in your favor. Don't risk that! Cordially, Nathaniel Suchy On Thu, Aug 30, 2018 at 3:25 PM grarpampwrote: This particular case receiving mentions for at least a few months... D1E99DE1E29E05D79F0EF9E083D18229867EA93C kommissarov 185.125.33.114 The relay won't [likely] be badexited because neither it nor its upstream is shown to be doing anything malicious. Simple censorship isn't enough. And except for such limited censorship, the nodes are otherwise fully useful, and provide a valuable presence inside such regions / networks. Users, in such censoring regimes, that have sucessfully connected to tor, already have free choice of whatever exits they wish, therefore such censorship is moot for them. For everyone else, and them, workarounds exist such as,,, https://onion.torproject.org/ http://yz7lpwfhhzcdyc5y.onion/ search engines, sigs, vpns, mirrors, etc Further, whatever gets added to static exitpolicy's might move out from underneath them or the censor, the censor may quit, or the exit may fail to maintain the exitpolicy's. None of which are true representation of the net, and are effectively censorship as result of operator action even though unintentional / delayed. Currently many regimes do limited censorship like this, so you'd lose all those exits too for no good reason, see... https://ooni.torproject.org/ https://en.wikipedia.org/wiki/Internet_censorship_and_surveillance_by_country And arbitrarily hamper spirits, tactics, and success of volunteer resistance communities and operators in, and fighting, such regimes around the world. And if the net goes chaotic, majority of exits will have limited visibility, for which exitpolicy / badexit are hardly manageable solutions either, and would end up footshooting out many partly useful yet needed exits as well. If this situation bothers users, they can use... SIGNAL NEWNYM, New Identity, or ExcludeExitNodes. They can also create, maintain and publish lists of whatever such classes of nodes they wish to determine, including various levels of trust, contactability, verification, ouija, etc... such that others can subscribe to them and Exclude at will. They can further publish patches to make tor automatically read such lists, including some modes that might narrowly exclude and route stream requests around just those lists of censored destination:exit pairings. Ref also... https://metrics.torproject.org/rs.html#search/as:AS197328%20flag:exit https://metrics.torproject.org/rs.html#search/country:tr%20flag:exit In the subect situations, you'd want to show that it is in fact the exit itself, not its upstream, that is doing the censorship. Or that if fault can't be determined to the upstream or exit, what would be the plausible malicious benefit for an exit / upstream to block a given destination such that a badexit is warranted... a) Frustrate and divert off 0.001% of Turk users smart enough to use tor, chancing through tor client random exit selection of your blocking exit, off to one of the workarounds that you're equally unlikely to control and have ranked, through your exit vs one of the others tor has open? b) Prop up weird or otherwise secretly bad nodes on the net, like the hundreds of other ones out there, for which no badexit or diverse subscription services yet
Re: [tor-relays] Exit in Turkey blocking torproject (komm EA93C), BadExit, Node Subscription Services, Censorship
How is situation 1 different from 2 from the user perspective? In both cases the user doesn't have access because of the country where the exit is running. A lot of countries have various levels of blocky (for example torrent websites in UK). Is the solution to only run all exits in a few "good" countries with no filtering but maybe some strong surveillance/analysis? On Thu, 30 Aug 2018, 16:22 Nathaniel Suchy, wrote: > The exit is behind a filtered ISP. Opposed to a website blocking exits. > That’s the difference. > > 1) The content provider causes the block. > 2) The exit causes the block. > > In situation two a censored user may give up on Tor entirely. Should we > allow exits in China or Iraq or Syria or Turkey or the several other > countries. What if their governments who can afford it spin up 10,000 exits > in an effort to censor the Tor Network. Will we sit idly by and allow it? > > On Thu, Aug 30, 2018 at 7:17 PM Pascal Terjan wrote: > >> A country's ISPs blocking some websites is not the exit blocking it and >> the result is the same than websites blocking the country, users of that >> exit can't access the websites just because the exit is in that country but >> doesn't do any filtering itself. >> >> On Thu, 30 Aug 2018, 16:14 Nathaniel Suchy, wrote: >> >>> That’s a website blocking Tor users. Not a Tor Exit blocking a website. >>> On Thu, Aug 30, 2018 at 7:06 PM Pascal Terjan wrote: >>> On Thu, 30 Aug 2018, 14:11 Nathaniel Suchy, wrote: > So this exit node is censored by Turkey. That means any site blocked > in Turkey is blocked on the exit. What about an exit node in China or > Syria > or Iraq? They censor, should exits there be allowed? I don't think they > should. Make them relay only, (and yes that means no Guard or HSDir flags > too) situation A could happen. The odds might not be in your favor. Don't > risk that! > Where do you put the limit? Various categories of websites are blocked in various countries either by ISPs or by content providers. For example should exits not be allowed to run in Germany due to https://en.m.wikipedia.org/wiki/Blocking_of_YouTube_videos_in_Germany ? Or not allow exits in EU due to the number of US websites deciding to block all of EU IPs to not have to comply to GDPR? ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >>> ___ >>> tor-relays mailing list >>> tor-relays@lists.torproject.org >>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >>> >> ___ >> tor-relays mailing list >> tor-relays@lists.torproject.org >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >> > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Exit in Turkey blocking torproject (komm EA93C), BadExit, Node Subscription Services, Censorship
Matthew: Built in functionality, maybe, an addon, no. Also either solution is a bandaid to the actual problem that we're allowing an exit with no contact information to censor Tor users with impunity! On Thu, Aug 30, 2018 at 8:01 PM Matthew Glennon wrote: > Could this be mitigated with a detection addon in Tor Browser? Detect that > the site may be blocked at the exit and offer to fetch a new circuit for > the site? > > > On Thu, Aug 30, 2018, 19:22 Nathaniel Suchy wrote: > >> The exit is behind a filtered ISP. Opposed to a website blocking exits. >> That’s the difference. >> >> 1) The content provider causes the block. >> 2) The exit causes the block. >> >> In situation two a censored user may give up on Tor entirely. Should we >> allow exits in China or Iraq or Syria or Turkey or the several other >> countries. What if their governments who can afford it spin up 10,000 exits >> in an effort to censor the Tor Network. Will we sit idly by and allow it? >> >> On Thu, Aug 30, 2018 at 7:17 PM Pascal Terjan wrote: >> >>> A country's ISPs blocking some websites is not the exit blocking it and >>> the result is the same than websites blocking the country, users of that >>> exit can't access the websites just because the exit is in that country but >>> doesn't do any filtering itself. >>> >>> On Thu, 30 Aug 2018, 16:14 Nathaniel Suchy, wrote: >>> That’s a website blocking Tor users. Not a Tor Exit blocking a website. On Thu, Aug 30, 2018 at 7:06 PM Pascal Terjan wrote: > > > On Thu, 30 Aug 2018, 14:11 Nathaniel Suchy, wrote: > >> So this exit node is censored by Turkey. That means any site blocked >> in Turkey is blocked on the exit. What about an exit node in China or >> Syria >> or Iraq? They censor, should exits there be allowed? I don't think they >> should. Make them relay only, (and yes that means no Guard or HSDir flags >> too) situation A could happen. The odds might not be in your favor. Don't >> risk that! >> > > Where do you put the limit? > > Various categories of websites are blocked in various countries either > by ISPs or by content providers. > > For example should exits not be allowed to run in Germany due to > https://en.m.wikipedia.org/wiki/Blocking_of_YouTube_videos_in_Germany > ? Or not allow exits in EU due to the number of US websites deciding to > block all of EU IPs to not have to comply to GDPR? > > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >>> ___ >>> tor-relays mailing list >>> tor-relays@lists.torproject.org >>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >>> >> ___ >> tor-relays mailing list >> tor-relays@lists.torproject.org >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >> > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Exit in Turkey blocking torproject (komm EA93C), BadExit, Node Subscription Services, Censorship
Could this be mitigated with a detection addon in Tor Browser? Detect that the site may be blocked at the exit and offer to fetch a new circuit for the site? On Thu, Aug 30, 2018, 19:22 Nathaniel Suchy wrote: > The exit is behind a filtered ISP. Opposed to a website blocking exits. > That’s the difference. > > 1) The content provider causes the block. > 2) The exit causes the block. > > In situation two a censored user may give up on Tor entirely. Should we > allow exits in China or Iraq or Syria or Turkey or the several other > countries. What if their governments who can afford it spin up 10,000 exits > in an effort to censor the Tor Network. Will we sit idly by and allow it? > > On Thu, Aug 30, 2018 at 7:17 PM Pascal Terjan wrote: > >> A country's ISPs blocking some websites is not the exit blocking it and >> the result is the same than websites blocking the country, users of that >> exit can't access the websites just because the exit is in that country but >> doesn't do any filtering itself. >> >> On Thu, 30 Aug 2018, 16:14 Nathaniel Suchy, wrote: >> >>> That’s a website blocking Tor users. Not a Tor Exit blocking a website. >>> On Thu, Aug 30, 2018 at 7:06 PM Pascal Terjan wrote: >>> On Thu, 30 Aug 2018, 14:11 Nathaniel Suchy, wrote: > So this exit node is censored by Turkey. That means any site blocked > in Turkey is blocked on the exit. What about an exit node in China or > Syria > or Iraq? They censor, should exits there be allowed? I don't think they > should. Make them relay only, (and yes that means no Guard or HSDir flags > too) situation A could happen. The odds might not be in your favor. Don't > risk that! > Where do you put the limit? Various categories of websites are blocked in various countries either by ISPs or by content providers. For example should exits not be allowed to run in Germany due to https://en.m.wikipedia.org/wiki/Blocking_of_YouTube_videos_in_Germany ? Or not allow exits in EU due to the number of US websites deciding to block all of EU IPs to not have to comply to GDPR? ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >>> ___ >>> tor-relays mailing list >>> tor-relays@lists.torproject.org >>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >>> >> ___ >> tor-relays mailing list >> tor-relays@lists.torproject.org >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >> > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Exit in Turkey blocking torproject (komm EA93C), BadExit, Node Subscription Services, Censorship
The exit is behind a filtered ISP. Opposed to a website blocking exits. That’s the difference. 1) The content provider causes the block. 2) The exit causes the block. In situation two a censored user may give up on Tor entirely. Should we allow exits in China or Iraq or Syria or Turkey or the several other countries. What if their governments who can afford it spin up 10,000 exits in an effort to censor the Tor Network. Will we sit idly by and allow it? On Thu, Aug 30, 2018 at 7:17 PM Pascal Terjan wrote: > A country's ISPs blocking some websites is not the exit blocking it and > the result is the same than websites blocking the country, users of that > exit can't access the websites just because the exit is in that country but > doesn't do any filtering itself. > > On Thu, 30 Aug 2018, 16:14 Nathaniel Suchy, wrote: > >> That’s a website blocking Tor users. Not a Tor Exit blocking a website. >> On Thu, Aug 30, 2018 at 7:06 PM Pascal Terjan wrote: >> >>> >>> >>> On Thu, 30 Aug 2018, 14:11 Nathaniel Suchy, wrote: >>> So this exit node is censored by Turkey. That means any site blocked in Turkey is blocked on the exit. What about an exit node in China or Syria or Iraq? They censor, should exits there be allowed? I don't think they should. Make them relay only, (and yes that means no Guard or HSDir flags too) situation A could happen. The odds might not be in your favor. Don't risk that! >>> >>> Where do you put the limit? >>> >>> Various categories of websites are blocked in various countries either >>> by ISPs or by content providers. >>> >>> For example should exits not be allowed to run in Germany due to >>> https://en.m.wikipedia.org/wiki/Blocking_of_YouTube_videos_in_Germany ? >>> Or not allow exits in EU due to the number of US websites deciding to block >>> all of EU IPs to not have to comply to GDPR? >>> >>> ___ >>> tor-relays mailing list >>> tor-relays@lists.torproject.org >>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >>> >> ___ >> tor-relays mailing list >> tor-relays@lists.torproject.org >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >> > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Exit in Turkey blocking torproject (komm EA93C), BadExit, Node Subscription Services, Censorship
A country's ISPs blocking some websites is not the exit blocking it and the result is the same than websites blocking the country, users of that exit can't access the websites just because the exit is in that country but doesn't do any filtering itself. On Thu, 30 Aug 2018, 16:14 Nathaniel Suchy, wrote: > That’s a website blocking Tor users. Not a Tor Exit blocking a website. > On Thu, Aug 30, 2018 at 7:06 PM Pascal Terjan wrote: > >> >> >> On Thu, 30 Aug 2018, 14:11 Nathaniel Suchy, wrote: >> >>> So this exit node is censored by Turkey. That means any site blocked in >>> Turkey is blocked on the exit. What about an exit node in China or Syria or >>> Iraq? They censor, should exits there be allowed? I don't think they >>> should. Make them relay only, (and yes that means no Guard or HSDir flags >>> too) situation A could happen. The odds might not be in your favor. Don't >>> risk that! >>> >> >> Where do you put the limit? >> >> Various categories of websites are blocked in various countries either by >> ISPs or by content providers. >> >> For example should exits not be allowed to run in Germany due to >> https://en.m.wikipedia.org/wiki/Blocking_of_YouTube_videos_in_Germany ? >> Or not allow exits in EU due to the number of US websites deciding to block >> all of EU IPs to not have to comply to GDPR? >> >> ___ >> tor-relays mailing list >> tor-relays@lists.torproject.org >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >> > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Exit in Turkey blocking torproject (komm EA93C), BadExit, Node Subscription Services, Censorship
On Thu, 30 Aug 2018, 14:11 Nathaniel Suchy, wrote: > So this exit node is censored by Turkey. That means any site blocked in > Turkey is blocked on the exit. What about an exit node in China or Syria or > Iraq? They censor, should exits there be allowed? I don't think they > should. Make them relay only, (and yes that means no Guard or HSDir flags > too) situation A could happen. The odds might not be in your favor. Don't > risk that! > Where do you put the limit? Various categories of websites are blocked in various countries either by ISPs or by content providers. For example should exits not be allowed to run in Germany due to https://en.m.wikipedia.org/wiki/Blocking_of_YouTube_videos_in_Germany ? Or not allow exits in EU due to the number of US websites deciding to block all of EU IPs to not have to comply to GDPR? ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Exit in Turkey blocking torproject (komm EA93C), BadExit, Node Subscription Services, Censorship
Then assign a bad exit flag and let it middle relay. On Thu, Aug 30, 2018 at 5:58 PM Gary wrote: > Hello > > On Thu, Aug 30, 2018 at 3:25 PM grarpamp wrote: > >> This particular case receiving mentions for at least a few months... >> D1E99DE1E29E05D79F0EF9E083D18229867EA93C kommissarov 185.125.33.114 > > > On Thu, 30 Aug 2018 at 22:11, Nathaniel Suchy wrote: > >> So this exit node is censored by Turkey. That means any site blocked in >> Turkey is blocked on the exit. What about an exit node in China or Syria or >> Iraq? They censor, should exits there be allowed? I don't think they >> should. Make them relay only, (and yes that means no Guard or HSDir flags >> too) situation A could happen. The odds might not be in your favor. Don't >> risk that! >> > > Personally I think living with a small amount of country-by-country > censorship is preferable to an "exitpolicy:exitsite" method, for example > you are always going to get different areas/peoples thinking topics/sites > things are acceptable while others dont think so. A tor user can simply > change circuit and all will be fine. > > Also, if relay operators were able to produce a list of sites that they > don't allow exits so, it would allow bad operators to game the system and > perform correlation attacks. > > Even if a particular relay blocks exits to most .com's, it would still > provide a valuable guard / middle service. > > >> >> Cordially, >> Nathaniel Suchy >> >> On Thu, Aug 30, 2018 at 3:25 PM grarpamp wrote: >> >>> This particular case receiving mentions for at least a few months... >>> D1E99DE1E29E05D79F0EF9E083D18229867EA93C kommissarov 185.125.33.114 >>> >>> The relay won't [likely] be badexited because neither it nor its >>> upstream is >>> shown to be doing anything malicious. Simple censorship isn't enough. >>> And except for such limited censorship, the nodes are otherwise fully >>> useful, and provide a valuable presence inside such regions / networks. >>> >>> Users, in such censoring regimes, that have sucessfully connected >>> to tor, already have free choice of whatever exits they wish, therefore >>> such censorship is moot for them. >>> >>> For everyone else, and them, workarounds exist such as,,, >>> https://onion.torproject.org/ >>> http://yz7lpwfhhzcdyc5y.onion/ >>> search engines, sigs, vpns, mirrors, etc >>> >>> Further, whatever gets added to static exitpolicy's might move out >>> from underneath them or the censor, the censor may quit, or the exit >>> may fail to maintain the exitpolicy's. None of which are true >>> representation >>> of the net, and are effectively censorship as result of operator action >>> even though unintentional / delayed. >>> >>> Currently many regimes do limited censorship like this, >>> so you'd lose all those exits too for no good reason, see... >>> https://ooni.torproject.org/ >>> >>> https://en.wikipedia.org/wiki/Internet_censorship_and_surveillance_by_country >>> >>> And arbitrarily hamper spirits, tactics, and success of volunteer >>> resistance communities and operators in, and fighting, such regimes >>> around the world. >>> >>> And if the net goes chaotic, majority of exits will have limited >>> visibility, >>> for which exitpolicy / badexit are hardly manageable solutions either, >>> and would end up footshooting out many partly useful yet needed >>> exits as well. >>> >>> >>> If this situation bothers users, they can use... SIGNAL NEWNYM, >>> New Identity, or ExcludeExitNodes. >>> >>> They can also create, maintain and publish lists of whatever such >>> classes of nodes they wish to determine, including various levels >>> of trust, contactability, verification, ouija, etc... such that others >>> can subscribe to them and Exclude at will. >>> They can further publish patches to make tor automatically >>> read such lists, including some modes that might narrowly exclude >>> and route stream requests around just those lists of censored >>> destination:exit pairings. >>> >>> Ref also... >>> https://metrics.torproject.org/rs.html#search/as:AS197328%20flag:exit >>> https://metrics.torproject.org/rs.html#search/country:tr%20flag:exit >>> >>> >>> In the subect situations, you'd want to show that it is in fact >>> the exit itself, not its upstream, that is doing the censorship. >>> >>> Or that if fault can't be determined to the upstream or exit, what >>> would be the plausible malicious benefit for an exit / upstream >>> to block a given destination such that a badexit is warranted... >>> >>> a) Frustrate and divert off 0.001% of Turk users smart enough to >>> use tor, chancing through tor client random exit selection of your >>> blocking exit, off to one of the workarounds that you're equally >>> unlikely to control and have ranked, through your exit vs one >>> of the others tor has open? >>> >>> b) Prop up weird or otherwise secretly bad nodes on the net, >>> like the hundreds of other ones out there, for which no badexit >>> or diverse subscription services yet exist to qualify them? >>> >>>
Re: [tor-relays] Exit in Turkey blocking torproject (komm EA93C), BadExit, Node Subscription Services, Censorship
Hello On Thu, Aug 30, 2018 at 3:25 PM grarpamp wrote: > This particular case receiving mentions for at least a few months... > D1E99DE1E29E05D79F0EF9E083D18229867EA93C kommissarov 185.125.33.114 On Thu, 30 Aug 2018 at 22:11, Nathaniel Suchy wrote: > So this exit node is censored by Turkey. That means any site blocked in > Turkey is blocked on the exit. What about an exit node in China or Syria or > Iraq? They censor, should exits there be allowed? I don't think they > should. Make them relay only, (and yes that means no Guard or HSDir flags > too) situation A could happen. The odds might not be in your favor. Don't > risk that! > Personally I think living with a small amount of country-by-country censorship is preferable to an "exitpolicy:exitsite" method, for example you are always going to get different areas/peoples thinking topics/sites things are acceptable while others dont think so. A tor user can simply change circuit and all will be fine. Also, if relay operators were able to produce a list of sites that they don't allow exits so, it would allow bad operators to game the system and perform correlation attacks. Even if a particular relay blocks exits to most .com's, it would still provide a valuable guard / middle service. > > Cordially, > Nathaniel Suchy > > On Thu, Aug 30, 2018 at 3:25 PM grarpamp wrote: > >> This particular case receiving mentions for at least a few months... >> D1E99DE1E29E05D79F0EF9E083D18229867EA93C kommissarov 185.125.33.114 >> >> The relay won't [likely] be badexited because neither it nor its upstream >> is >> shown to be doing anything malicious. Simple censorship isn't enough. >> And except for such limited censorship, the nodes are otherwise fully >> useful, and provide a valuable presence inside such regions / networks. >> >> Users, in such censoring regimes, that have sucessfully connected >> to tor, already have free choice of whatever exits they wish, therefore >> such censorship is moot for them. >> >> For everyone else, and them, workarounds exist such as,,, >> https://onion.torproject.org/ >> http://yz7lpwfhhzcdyc5y.onion/ >> search engines, sigs, vpns, mirrors, etc >> >> Further, whatever gets added to static exitpolicy's might move out >> from underneath them or the censor, the censor may quit, or the exit >> may fail to maintain the exitpolicy's. None of which are true >> representation >> of the net, and are effectively censorship as result of operator action >> even though unintentional / delayed. >> >> Currently many regimes do limited censorship like this, >> so you'd lose all those exits too for no good reason, see... >> https://ooni.torproject.org/ >> >> https://en.wikipedia.org/wiki/Internet_censorship_and_surveillance_by_country >> >> And arbitrarily hamper spirits, tactics, and success of volunteer >> resistance communities and operators in, and fighting, such regimes >> around the world. >> >> And if the net goes chaotic, majority of exits will have limited >> visibility, >> for which exitpolicy / badexit are hardly manageable solutions either, >> and would end up footshooting out many partly useful yet needed >> exits as well. >> >> >> If this situation bothers users, they can use... SIGNAL NEWNYM, >> New Identity, or ExcludeExitNodes. >> >> They can also create, maintain and publish lists of whatever such >> classes of nodes they wish to determine, including various levels >> of trust, contactability, verification, ouija, etc... such that others >> can subscribe to them and Exclude at will. >> They can further publish patches to make tor automatically >> read such lists, including some modes that might narrowly exclude >> and route stream requests around just those lists of censored >> destination:exit pairings. >> >> Ref also... >> https://metrics.torproject.org/rs.html#search/as:AS197328%20flag:exit >> https://metrics.torproject.org/rs.html#search/country:tr%20flag:exit >> >> >> In the subect situations, you'd want to show that it is in fact >> the exit itself, not its upstream, that is doing the censorship. >> >> Or that if fault can't be determined to the upstream or exit, what >> would be the plausible malicious benefit for an exit / upstream >> to block a given destination such that a badexit is warranted... >> >> a) Frustrate and divert off 0.001% of Turk users smart enough to >> use tor, chancing through tor client random exit selection of your >> blocking exit, off to one of the workarounds that you're equally >> unlikely to control and have ranked, through your exit vs one >> of the others tor has open? >> >> b) Prop up weird or otherwise secretly bad nodes on the net, >> like the hundreds of other ones out there, for which no badexit >> or diverse subscription services yet exist to qualify them? >> >> c) ??? >> >> Or that some large number of topsites were censored via >> singular or small numbers of exits / upstreams so as to be >> exceedingly annoying to the network users as a whole, where >> no other environment of such
Re: [tor-relays] Exit in Turkey blocking torproject (komm EA93C), BadExit, Node Subscription Services, Censorship
So this exit node is censored by Turkey. That means any site blocked in Turkey is blocked on the exit. What about an exit node in China or Syria or Iraq? They censor, should exits there be allowed? I don't think they should. Make them relay only, (and yes that means no Guard or HSDir flags too) situation A could happen. The odds might not be in your favor. Don't risk that! Cordially, Nathaniel Suchy On Thu, Aug 30, 2018 at 3:25 PM grarpamp wrote: > This particular case receiving mentions for at least a few months... > D1E99DE1E29E05D79F0EF9E083D18229867EA93C kommissarov 185.125.33.114 > > The relay won't [likely] be badexited because neither it nor its upstream > is > shown to be doing anything malicious. Simple censorship isn't enough. > And except for such limited censorship, the nodes are otherwise fully > useful, and provide a valuable presence inside such regions / networks. > > Users, in such censoring regimes, that have sucessfully connected > to tor, already have free choice of whatever exits they wish, therefore > such censorship is moot for them. > > For everyone else, and them, workarounds exist such as,,, > https://onion.torproject.org/ > http://yz7lpwfhhzcdyc5y.onion/ > search engines, sigs, vpns, mirrors, etc > > Further, whatever gets added to static exitpolicy's might move out > from underneath them or the censor, the censor may quit, or the exit > may fail to maintain the exitpolicy's. None of which are true > representation > of the net, and are effectively censorship as result of operator action > even though unintentional / delayed. > > Currently many regimes do limited censorship like this, > so you'd lose all those exits too for no good reason, see... > https://ooni.torproject.org/ > > https://en.wikipedia.org/wiki/Internet_censorship_and_surveillance_by_country > > And arbitrarily hamper spirits, tactics, and success of volunteer > resistance communities and operators in, and fighting, such regimes > around the world. > > And if the net goes chaotic, majority of exits will have limited > visibility, > for which exitpolicy / badexit are hardly manageable solutions either, > and would end up footshooting out many partly useful yet needed > exits as well. > > > If this situation bothers users, they can use... SIGNAL NEWNYM, > New Identity, or ExcludeExitNodes. > > They can also create, maintain and publish lists of whatever such > classes of nodes they wish to determine, including various levels > of trust, contactability, verification, ouija, etc... such that others > can subscribe to them and Exclude at will. > They can further publish patches to make tor automatically > read such lists, including some modes that might narrowly exclude > and route stream requests around just those lists of censored > destination:exit pairings. > > Ref also... > https://metrics.torproject.org/rs.html#search/as:AS197328%20flag:exit > https://metrics.torproject.org/rs.html#search/country:tr%20flag:exit > > > In the subect situations, you'd want to show that it is in fact > the exit itself, not its upstream, that is doing the censorship. > > Or that if fault can't be determined to the upstream or exit, what > would be the plausible malicious benefit for an exit / upstream > to block a given destination such that a badexit is warranted... > > a) Frustrate and divert off 0.001% of Turk users smart enough to > use tor, chancing through tor client random exit selection of your > blocking exit, off to one of the workarounds that you're equally > unlikely to control and have ranked, through your exit vs one > of the others tor has open? > > b) Prop up weird or otherwise secretly bad nodes on the net, > like the hundreds of other ones out there, for which no badexit > or diverse subscription services yet exist to qualify them? > > c) ??? > > Or that some large number of topsites were censored via > singular or small numbers of exits / upstreams so as to be > exceedingly annoying to the network users as a whole, where > no other environment of such / chaotic widespread annoyance > is known to exist at the same time. > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Exit in Turkey blocking torproject (komm EA93C), BadExit, Node Subscription Services, Censorship
This particular case receiving mentions for at least a few months... D1E99DE1E29E05D79F0EF9E083D18229867EA93C kommissarov 185.125.33.114 The relay won't [likely] be badexited because neither it nor its upstream is shown to be doing anything malicious. Simple censorship isn't enough. And except for such limited censorship, the nodes are otherwise fully useful, and provide a valuable presence inside such regions / networks. Users, in such censoring regimes, that have sucessfully connected to tor, already have free choice of whatever exits they wish, therefore such censorship is moot for them. For everyone else, and them, workarounds exist such as,,, https://onion.torproject.org/ http://yz7lpwfhhzcdyc5y.onion/ search engines, sigs, vpns, mirrors, etc Further, whatever gets added to static exitpolicy's might move out from underneath them or the censor, the censor may quit, or the exit may fail to maintain the exitpolicy's. None of which are true representation of the net, and are effectively censorship as result of operator action even though unintentional / delayed. Currently many regimes do limited censorship like this, so you'd lose all those exits too for no good reason, see... https://ooni.torproject.org/ https://en.wikipedia.org/wiki/Internet_censorship_and_surveillance_by_country And arbitrarily hamper spirits, tactics, and success of volunteer resistance communities and operators in, and fighting, such regimes around the world. And if the net goes chaotic, majority of exits will have limited visibility, for which exitpolicy / badexit are hardly manageable solutions either, and would end up footshooting out many partly useful yet needed exits as well. If this situation bothers users, they can use... SIGNAL NEWNYM, New Identity, or ExcludeExitNodes. They can also create, maintain and publish lists of whatever such classes of nodes they wish to determine, including various levels of trust, contactability, verification, ouija, etc... such that others can subscribe to them and Exclude at will. They can further publish patches to make tor automatically read such lists, including some modes that might narrowly exclude and route stream requests around just those lists of censored destination:exit pairings. Ref also... https://metrics.torproject.org/rs.html#search/as:AS197328%20flag:exit https://metrics.torproject.org/rs.html#search/country:tr%20flag:exit In the subect situations, you'd want to show that it is in fact the exit itself, not its upstream, that is doing the censorship. Or that if fault can't be determined to the upstream or exit, what would be the plausible malicious benefit for an exit / upstream to block a given destination such that a badexit is warranted... a) Frustrate and divert off 0.001% of Turk users smart enough to use tor, chancing through tor client random exit selection of your blocking exit, off to one of the workarounds that you're equally unlikely to control and have ranked, through your exit vs one of the others tor has open? b) Prop up weird or otherwise secretly bad nodes on the net, like the hundreds of other ones out there, for which no badexit or diverse subscription services yet exist to qualify them? c) ??? Or that some large number of topsites were censored via singular or small numbers of exits / upstreams so as to be exceedingly annoying to the network users as a whole, where no other environment of such / chaotic widespread annoyance is known to exist at the same time. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays