On August 14, 2020 5:12:35 PM UTC, Roger Dingledine <[email protected]> wrote: >On Thu, Aug 13, 2020 at 03:34:55PM +0200, niftybunny wrote: >> This shit has to stop. Why are the relays in question still online? > >Hm? The relays are not online -- we kicked them in mid June. > >We don't know of any relays right now that are attacking users. > >Or said another way, if anybody knows of relays that are doing any >attacks >on Tor users, ssl stripping or otherwise, please report them. I believe >that we are up to date and have responded to all reports. > >That said, there is definitely the uncertainty of "I wonder if those >OVH relays are attacking users -- they are run by people I don't know, >though there is no evidence that they are." We learned from this case >that making people list and answer an email address didn't slow them >down. > >I still think that long term the answer is that we need to shift the >Tor network toward a group of relay operators that know each other -- >transparency, community, relationships, all of those things that are >costly to do but also costly to attack: >https://gitlab.torproject.org/tpo/metrics/relay-search/-/issues/40001 >https://lists.torproject.org/pipermail/tor-relays/2020-July/018656.html >https://lists.torproject.org/pipermail/tor-relays/2020-July/018669.html > >But the short term answer is that nobody to my knowledge has shown us >any current relays that are doing attacks. > >Hope that helps, >--Roger > >_______________________________________________ >tor-relays mailing list >[email protected] >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Roger had Tor Project taken some countermeasures against this type of attack? For example quoting from nusenu's article: > As an immediate countermeasure against this ongoing issue the Tor Project > could require physical address verification for all new (joined in 2020) Tor > relay operators that run more than 0.5% of the Tor network’s exit or guard > capacity. Why 0.5%? It is a balance between the risk of malicious Tor relay > capacity and the required effort for verification. Using 0.5% as a threshold > is a realistically low number of operators to verify. As of 2020–08–08 there > are just five exit and one guard operator that match these criteria (new and > big). Some of them have similarities to previously detected malicious groups. > Others are somewhat known with a good reputation already. So the amount for > this initial verification is limited to sending 6 letters to a provided > physical address (more likely actually 3 since some might not request the > physical address verification).
pEpkey.asc
Description: application/pgp-keys
_______________________________________________ tor-relays mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
