Re: [tor-relays] Fwd: Your TOR relay
As a general comment I try and assume the best of everyone on the mailing list and the worst of everyone in actual practice... When offering sensitive anonymization services it's best to take the opposite view of yourself. Operate with the best intentions but seriously think about what harm you *could* do because everyone else has to assume you're doing that unless you can provide strong proofs otherwise.

In the case of a single person running DNS service and encouraging exit operators to use them you create a significant single point of failure. Both by possible malicious activity on your part, simple misconfiguration, or just giving external actors an (arguably) more focused place to look.

Just in general "everyone send your traffic through me" is a huge red flag no matter who you are. If Roger Dingledine walked into my office and suggested to my face that all TOR DNS should go through a system I know he controls that sits in my data center I'd take quite a bit of convincing because reputation != strong proof.

So I appreciate your interest in solving a problem and actually taking some action, but I'm not surprised it was poorly received. I do encourage you to apply a bit of the technical paranoia this list can supply and see if you can come up with ways to address them. I suspect some are insurmountable in this context, but what fun is it if you only attack surmountable problems?

-Jon

On Mon, Aug 07, 2017 at 10:53:06PM -0400, Dennis Emory Hannon wrote:
:No attitude or hurt feelings. What's different from my servers compared to
:others? Probably nothing at all..this is just a hobby of mine. One would
:think if I wanted to collect information I would just run an exit node
:myself since I have the resources.
:
:For those that want an alternative no logging DNS:
:172.98.193.42
:
:162.248.241.94
:
:For those that don't,
:No worries at all, we'll be here if you change your mind. :D
:
:
:Cheers!
:
:-Dennis
:
:https://www.linkedin.com/in/dennis-hannon-52236019/
:+1 (585) 735-5996

--
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Fwd: Your TOR relay
On 08/07/2017 10:53 PM, Dennis Emory Hannon wrote:
> No attitude or hurt feelings. What’s different from my servers compared
> to others? Probably nothing at all….this is just a hobby of mine. One
> would think if I wanted to collect information I would just run an exit
> node myself since I have the resources.
>
> For those that want an alternative no logging DNS:
> 172.98.193.42
> 162.248.241.94
>
> For those that don’t,
> No worries at all, we’ll be here if you change your mind. :D

I appreciate that it's a hobby project, and that's fine, but I choose my DNS providers carefully. ORSN, and your servers, probably are secure, but half the battle is the first impression and there are some improvements that could be made.

First, you mentioned privately that your servers do not support DNSSEC. Please also consider adding support for DNSCurve so that DNS lookups are encrypted. Also, HTTPS on all the pages would be a nice first step. https://orsn.org/ returns a self-signed cert. Consider looking into Let's Encrypt as there are now no financial hardships in acquiring a certificate. DNSSEC and/or DNSCurve would also go a long way in convincing Tor exit operators that BackplaneLLC deeply cares about privacy and security.

Finally, as I mentioned privately, as you said that you added yourself to the ORSN Wikipedia article, please cite a source for this edit:
https://en.wikipedia.org/w/index.php?title=Open_Root_Server_Network&type=revision&diff=793656134&oldid=767884434

The current source of this information is http://www.orsn.org/en/tech/pubdns/, which lists backplanellc.com, yet your edit states backplanedns.org, which is an entirely different website. I see that backplanellc.com does link to backplanedns.org and your name is listed in the Contact tab, but neither website uses HTTPS, so I have no way of confirming the accuracy of the information.

--
Jesse
Re: [tor-relays] Fwd: Your TOR relay
Hi,

I've realized the meaning of your "anonymous" DNS: I see you're also running two tor "exits". I write "exit" in inverted commas because you're only allowing port 53 open:

172.98.193.43 corresponds to
https://atlas.torproject.org/#details/5E56738E7F97AA81DEEF59AF28494293DFBFCCDF

162.248.241.94 does not correspond to a relay.

You also have
https://atlas.torproject.org/#details/A5DEC503F0345C6AEB9B268FE0A642BF60319278

It's the same deal. In the latter I suspect this is a "private" resolver or something. Or maybe you just copied your torrc or something. Either way, this is really cryptic and odd.

Opening port 53 only in your exit policy is not beneficial to the Tor network. Why can't you open more ports? I will thus say this: however you're thinking Tor works... it probably doesn't.

Furthermore, I don't think you should be mixing the resolver and the exit in this way. I don't know what the particulars are but it seems like something that would be easy to mis-configure. As a result I think you're putting your users in danger, even if it's not actively intended to be malicious.

Someone else might be concerned with how you've configured this resolver e.g. how does it handle DNSSEC? I don't think it is handling it. That's another topic, though.

Finally: if someone decides to report these to Bad Exits, then I wouldn't blame them, frankly.

Regards

Dennis Emory Hannon:
> No attitude or hurt feelings. What's different from my servers compared to
> others? Probably nothing at all..this is just a hobby of mine. One would
> think if I wanted to collect information I would just run an exit node
> myself since I have the resources.
>
> For those that want an alternative no logging DNS:
> 172.98.193.42
>
> 162.248.241.94
>
> For those that don't,
> No worries at all, we'll be here if you change your mind. :D
>
>
> Cheers!
>
> -Dennis
>
> https://www.linkedin.com/in/dennis-hannon-52236019/
> +1 (585) 735-5996
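Two replies in this thread ask how the advertised resolvers handle DNSSEC. The sketch below is an added example, not code from any poster or from the Tor Project: it builds a query with the DO bit set and classifies a resolver from its replies for a correctly signed name and a deliberately mis-signed one. The function names are hypothetical, the test names passed to `ask()` are left for the operator to choose, and the sample replies are constructed header-only messages.

```python
import socket
import struct

RD, RA, AD, QR = 0x0100, 0x0080, 0x0020, 0x8000   # DNS header flag bits
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qtype=1, txid=0x1234):
    """A-record query with RD+AD set and an EDNS0 OPT record carrying the DO bit."""
    header = struct.pack(">6H", txid, RD | AD, 1, 0, 0, 1)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    # OPT pseudo-RR: root name, type 41, class = UDP payload size, TTL flags = DO
    opt = b"\x00" + struct.pack(">HHIH", 41, 1232, 0x00008000, 0)
    return header + qname + struct.pack(">HH", qtype, 1) + opt

def parse_header(msg):
    """Decode the fixed 12-byte header of a DNS message."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    txid, flags, _qd, an, _ns, _ar = struct.unpack(">6H", msg[:12])
    return {"txid": txid, "response": bool(flags & QR), "ad": bool(flags & AD),
            "rcode": RCODES.get(flags & 0x000F, str(flags & 0x000F)), "answers": an}

def classify(signed_reply, broken_reply):
    """Compare replies for a correctly signed name and a deliberately mis-signed one."""
    good, bad = parse_header(signed_reply), parse_header(broken_reply)
    if not (good["response"] and bad["response"]) or good["rcode"] != "NOERROR":
        return "inconclusive"
    if good["ad"] and bad["rcode"] == "SERVFAIL":
        return "validating"
    if bad["rcode"] == "NOERROR" and bad["answers"] > 0:
        return "not validating"            # bogus data was handed to the client
    return "inconclusive"

def ask(resolver_ip, name, timeout=3.0):
    """Send one UDP query to the resolver and return the raw reply (live use only)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (resolver_ip, 53))
        return s.recvfrom(4096)[0]

def _reply(flags, answers):                # constructed header-only sample replies
    return struct.pack(">6H", 0x1234, QR | flags, 1, answers, 0, 1)

VALIDATING = (_reply(RD | RA | AD, 1), _reply(RD | RA | 2, 0))
PASS_THROUGH = (_reply(RD | RA, 1), _reply(RD | RA, 1))

if __name__ == "__main__":
    print(classify(*VALIDATING), "/", classify(*PASS_THROUGH))
```

The AD bit is only as trustworthy as the path to the resolver, so a "validating" result over plain UDP shows what the resolver claims, not that the answer reached the relay unmodified.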
Re: [tor-relays] Fwd: Your TOR relay
No attitude or hurt feelings. What's different from my servers compared to others? Probably nothing at all..this is just a hobby of mine. One would think if I wanted to collect information I would just run an exit node myself since I have the resources.

For those that want an alternative no logging DNS:
172.98.193.42
162.248.241.94

For those that don't,
No worries at all, we'll be here if you change your mind. :D

Cheers!

-Dennis

https://www.linkedin.com/in/dennis-hannon-52236019/
+1 (585) 735-5996
Re: [tor-relays] Fwd: Your TOR relay
Hi "Dennis",

I'm all for nameservers aimed at anonymous usage, albeit run in a democratic and transparent manner. However, your mail is enough to arouse significant suspicion.

One would suggest that a legitimate project like this would post to public Tor mailing lists or similar places. You could have sent a friendly email to tor-talk introducing yourself and your project, and why we exit node operators might want to get involved. It's plain to see that you haven't done that, other than some recent advertisement on Tor Stack Exchange, which might otherwise be considered spam. As far as I can tell, you've only emailed exit node operators individually.

You've added a phone number to lend more legitimacy to your online identity, but it looks remarkably like those sink-hole telephone numbers people rent online.

You've styled the email as if you've just happened to find the relay on Atlas. This is statistically improbable, considering there are about 800 Tor exits.

There are already alternative nameservers that have a good reputation already, such as OpenNIC, so what do yours offer that these don't?

Finally, your response to the mail being forwarded to a public list is significantly concerning, in its furious nature. There are very real fears about malicious DNS servers - this seems like a trap to anyone looking with a passing glance at your message.

I wish you well, maybe you'd like to post to tor-talk and discuss this instead of adopting a (concerning and frankly suspicious) attitude to people calling you out in public.

I appreciate running a public nameserver costs you money, but one might suggest that if you were a malicious party, you'd be doing it for ulterior motives that might reimburse you financially.

Dennis Emory Hannon:
> Tom,
>
> That's a completely false statement. Some folks would rather choose an
> alternate root caching server as opposed to their ISP's DNS. In fact, no
> logging and anonymity is the sole intention of the servers mentioned. You're
> crying wolf here. If you don't want to use it, don't. Simple as that. I'm a
> software engineer for a financial institution here. I have nothing to gain. It
> actually COSTS me money to run.
>
> -Dennis
Re: [tor-relays] Fwd: Your TOR relay
Tom,

That's a completely false statement. Some folks would rather choose an alternate root caching server as opposed to their ISP's DNS. In fact, no logging and anonymity is the sole intention of the servers mentioned. You're crying wolf here. If you don't want to use it, don't. Simple as that. I'm a software engineer for a financial institution here. I have nothing to gain. It actually COSTS me money to run.

-Dennis
[tor-relays] Fwd: Your TOR relay
:-(

If you got this mail as well, please don't fall for it. You'd be exposing Tor users' browsing data.

Tom

Forwarded message
Subject: Your TOR relay
Date: Sun, 6 Aug 2017 21:19:32 -0400
From: Dennis Hannon
To: Dennis Hannon

Hello,

I came across your TOR relay on atlas. I run a few relays myself along with a bunch of DNS resolvers which are a part of the Open Root Server network (ORSN.org) - aimed to fight internet censorship and circumvent government surveillance programs (ie. prism). I hope you may be interested in using our anonymous open DNS resolvers on your node.

http://BackplaneDNS.org
Resolver - 172.98.193.42
Resolver - 162.248.241.94

--
Hostmaster@: Mr. Dennis Emory Hannon
Phone: +1 (585) 735-5996
E-Mail: i...@backplanedns.org ab...@backplanedns.org