Re: [tor-relays] Become a Fallback Directory Mirror (deadline: July 23)

2020-07-12 Thread John Csuti

D0F2882D84450F47C3FC922D5F6A262AB1395D6D

On 7/8/2020 1:36 PM, gus wrote:

Dear Relay Operators,

Do you want your relay to be a Tor fallback directory mirror?
Will it have the same address and port for the next 2 years?

Just reply to this email with your relay's fingerprint.

Important: you have until July 23 2020 to reply to this message to get
in the fallback directory mirror list.

If your relay is on the current fallback list, you don't need to do
anything.

If you're asking:

Q: What's a fallback directory mirror?

Fallback directory mirrors help Tor clients connect to the network. For
more details, see [1].

Q: Is my relay on the current list?

Search [2] and [3] for your relay fingerprint or IP address and port.
[2] is the current list of fallbacks in Tor.
[3] is used to create the next list of fallbacks.

Q: What do I need to do if my relay is on the list?

Keep the same IP address, keys, and ports. Email tor-relays if the
relay's details change.

Q: Can my relay be on the list next time?

We need fast relays that will be on the same IP address and port for 2
years. Reply to this email to get on the list, or to update the details
of your relay.

Once or twice a year, we run a script to choose about 150-200 relays
from the potential list [3] for the list in Tor [2].

Q: Why didn't my relay get on the list last time?

We check a relay's uptime, flags, and speed [4]. Sometimes, a relay
might be down when we check. That's ok, we will check it again next
time.

It's good to have some new relays on the list every release. That helps
tor clients, because blocking a changing list is harder.

cheers,
Gus

[1]
https://gitlab.torproject.org/tpo/core/tor/-/wikis/NetworkTeam/FallbackDirectoryMirrors
[2]
https://gitweb.torproject.org/tor.git/tree/src/app/config/fallback_dirs.inc
[3]
https://gitweb.torproject.org/fallback-scripts.git/tree/fallback_offer_list
[4]
https://trac.torproject.org/projects/tor/attachment/ticket/21564/fallbacks_2017-05-16-0815-09cd78886.log

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays





Re: [tor-relays] Become a Fallback Directory Mirror (deadline: July 23)

2020-07-12 Thread potlatch
Hello Gus,
My two exit relays in Moldova are offered as fallback directories.  Like my 
other four exit/fallback relays, these are long-term investments that I hope 
will operate and grow for at least 5 more years.
[D78D1B4489CF4FFB0FD74014BDF2D600D8EE5B05], 
[B06F093A3D4DFAD3E923F4F28A74901BD4F74EB1].
Best regards, stay safe,




‐‐‐ Original Message ‐‐‐
On Wednesday, July 8, 2020 10:36 AM, gus  wrote:

> Dear Relay Operators,
>
> Do you want your relay to be a Tor fallback directory mirror?
> Will it have the same address and port for the next 2 years?
>
> Just reply to this email with your relay's fingerprint.
>
> Important: you have until July 23 2020 to reply to this message to get
> in the fallback directory mirror list.
>
> If your relay is on the current fallback list, you don't need to do
> anything.
>
> If you're asking:
>
> Q: What's a fallback directory mirror?
>
> Fallback directory mirrors help Tor clients connect to the network. For
> more details, see [1].
>
> Q: Is my relay on the current list?
>
> Search [2] and [3] for your relay fingerprint or IP address and port.
> [2] is the current list of fallbacks in Tor.
> [3] is used to create the next list of fallbacks.
>
> Q: What do I need to do if my relay is on the list?
>
> Keep the same IP address, keys, and ports. Email tor-relays if the
> relay's details change.
>
> Q: Can my relay be on the list next time?
>
> We need fast relays that will be on the same IP address and port for 2
> years. Reply to this email to get on the list, or to update the details
> of your relay.
>
> Once or twice a year, we run a script to choose about 150-200 relays
> from the potential list [3] for the list in Tor [2].
>
> Q: Why didn't my relay get on the list last time?
>
> We check a relay's uptime, flags, and speed [4]. Sometimes, a relay
> might be down when we check. That's ok, we will check it again next
> time.
>
> It's good to have some new relays on the list every release. That helps
> tor clients, because blocking a changing list is harder.
>
> cheers,
> Gus
>
> [1]
> https://gitlab.torproject.org/tpo/core/tor/-/wikis/NetworkTeam/FallbackDirectoryMirrors
> [2]
> https://gitweb.torproject.org/tor.git/tree/src/app/config/fallback_dirs.inc
> [3]
> https://gitweb.torproject.org/fallback-scripts.git/tree/fallback_offer_list
> [4]
> https://trac.torproject.org/projects/tor/attachment/ticket/21564/fallbacks_2017-05-16-0815-09cd78886.log
>
> 
>
> The Tor Project
> Community Team Lead
> http://expyuzz4wqqyqhjn.onion/
>




Re: [tor-relays] >23% Tor exit relay capacity found to be malicious - call for support for proposal to limit large scale attacks

2020-07-12 Thread Charly Ghislain
There seems to be a consensus toward building a web of trust.
Thinking about it again, I don't much like the direction it is going.

I see tor as a web of untrust actually. I never much appreciated the power
already granted to directory authorities. I want to be able to use any relay
(I choose) as guard or exit easily (at the operator's discretion), but
currently, unless I'm mistaken, I need to wait for those authorities to flag
them as appropriate.

Some of this power makes sense at the network level to balance traffic
fluently between relays and decrease the probability of bad actors obtaining
meaningful data, but others, like the recent ban initiated by nusenu, sound
like abuse to me. His proposal moves forward in that direction imo.

To be clear, I rely on him and others monitoring the network for bad actors
and I believe they made the right move when kicking them off.

However, I think it would be preferable to keep the open design at the
network level as much as possible. Anything trying to build a web of trust
should be completely separate, for instance published white and blacklists.
Authorities flagging relays with verified email or physical addresses could
publish their lists, and this could be used by the clients with the default
configuration. But no single relay - however bad someone thinks it is -
should be kicked off the network by the network itself. Especially not on
the basis of individual human decisions.

There are a lot of other ways to mitigate sybil attacks, and contrary to the
blog post statement that tor can handle some malicious relays only, I
believe the design allows for a network entirely powered by malicious relays
provided they belong to different actors and are sufficiently distributed
amongst them. I personally would not trust any relay I'm not operating
directly.

Isn't it a good time to move more decisions to the clients, like choosing
between speed vs randomness, agreeing on blacklists/whitelists of some
authority, etc?
I'm sorry if I missed some obvious goals of the project or if I'm bringing up
previously discussed options.

c


Re: [tor-relays] Become a Fallback Directory Mirror (deadline: July 23)

2020-07-12 Thread Simon Fernandez
08F4692B60862640F688B86826B66F30DEA7AB73

Le 8 juillet 2020 19:36:57 GMT+02:00, gus  a écrit :
>Dear Relay Operators,
>
>Do you want your relay to be a Tor fallback directory mirror? 
>Will it have the same address and port for the next 2 years? 
>
>Just reply to this email with your relay's fingerprint.
>
>Important: you have until July 23 2020 to reply to this message to get
>in the fallback directory mirror list.
>
>If your relay is on the current fallback list, you don't need to do
>anything.
>
>If you're asking:
>
>Q: What's a fallback directory mirror?
>
>Fallback directory mirrors help Tor clients connect to the network. For
>more details, see [1].
>
>Q: Is my relay on the current list?
>
>Search [2] and [3] for your relay fingerprint or IP address and port.
>[2] is the current list of fallbacks in Tor.
>[3] is used to create the next list of fallbacks.
>
>Q: What do I need to do if my relay is on the list?
>
>Keep the same IP address, keys, and ports. Email tor-relays if the
>relay's details change.
>
>Q: Can my relay be on the list next time?
>
>We need fast relays that will be on the same IP address and port for 2
>years. Reply to this email to get on the list, or to update the details
>of your relay.
>
>Once or twice a year, we run a script to choose about 150-200 relays
>from the potential list [3] for the list in Tor [2].
>
>Q: Why didn't my relay get on the list last time?
>
>We check a relay's uptime, flags, and speed [4]. Sometimes, a relay
>might be down when we check. That's ok, we will check it again next
>time.
>
>It's good to have some new relays on the list every release. That helps
>tor clients, because blocking a changing list is harder.
>
>cheers,
>Gus
>
>[1]
>https://gitlab.torproject.org/tpo/core/tor/-/wikis/NetworkTeam/FallbackDirectoryMirrors
>[2] 
>https://gitweb.torproject.org/tor.git/tree/src/app/config/fallback_dirs.inc
>[3]
>https://gitweb.torproject.org/fallback-scripts.git/tree/fallback_offer_list
>[4]
>https://trac.torproject.org/projects/tor/attachment/ticket/21564/fallbacks_2017-05-16-0815-09cd78886.log
>-- 
>The Tor Project
>Community Team Lead
>http://expyuzz4wqqyqhjn.onion/


[tor-relays] tor relay - vps maintenance - what to do ?

2020-07-12 Thread dlugasny
Hi,

in the next three days, my VPS provider is planning to shut down ("maintenance")
for 6 hours my VPS where a tor relay is running (with some services). What should
I do?

I suspect that my VPS will be copied and reviewed (by not authorized persons)
afterwards. How do you react in such situations?

I appreciate any advice.

Cheers
Dlugasny



Re: [tor-relays] tor relay - vps maintenance - what to do ?

2020-07-12 Thread Roger Dingledine
On Sun, Jul 12, 2020 at 09:12:31PM +, dluga...@protonmail.com wrote:
> in the next three days, my VPS provider is planning to shut down
> ("maintenance") for 6 hours my VPS where a tor relay is running (with some
> services). What should I do?
>
> I suspect that my VPS will be copied and reviewed (by not authorized persons)
> afterwards. How do you react in such situations?
> 
> I appreciate any advice.

The conservative choice would be to remove all the key material (that is,
delete the files in your DataDirectory/keys/ directory) before it shuts
down, and then start a fresh relay (with fresh keys) when it comes back.

It really comes down to how much you think they will mess with it (or
maybe even, why you think they've picked your VPS for maintenance at all).

Leaving it alone and not stressing about it, or rotating to fresh keys,
are both valid approaches. It depends how you want to approach it.

Hope that helps,
--Roger
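
The conservative choice described above (remove DataDirectory/keys/ before
the shutdown, start with fresh keys afterwards), as an added shell example
that is not part of the original message or of tor's own tooling. It assumes
the DataDirectory contains a "fingerprint" file of the form
"<nickname> <hex fingerprint>"; the function name, the optional pid-file
argument and the retired_fingerprints log are hypothetical.

```sh
#!/bin/sh
# Added example (not from the thread): retire a relay identity by removing
# DataDirectory/keys/ while tor is stopped, as suggested above.
# Assumptions: the DataDirectory holds a "fingerprint" file of the form
# "<nickname> <hex fingerprint>"; the function name, the optional pid-file
# argument and the retired_fingerprints log are hypothetical.

rotate_relay_keys() {
    datadir=$1
    pidfile=${2:-}
    keydir="$datadir/keys"

    if [ ! -d "$keydir" ]; then
        echo "no keys/ directory under $datadir" >&2
        return 2
    fi

    # Refuse to act while the tor process named in the pid file is alive:
    # a running relay keeps its keys in memory and would keep using them.
    if [ -n "$pidfile" ] && [ -r "$pidfile" ] &&
       kill -0 "$(cat "$pidfile")" 2>/dev/null; then
        echo "tor is still running; stop it first" >&2
        return 1
    fi

    # Keep a note of the identity being retired so the operator can tell
    # the old relay from the new one later (e.g. when emailing tor-relays).
    old=""
    if [ -r "$datadir/fingerprint" ]; then
        old=$(awk '{print $2; exit}' "$datadir/fingerprint")
        printf '%s\n' "$old" >> "$datadir/retired_fingerprints"
        rm -f "$datadir/fingerprint"
    fi

    # Plain unlink: the provider may already hold a copy of the disk, so
    # the protection is that the relay never uses these keys again.
    find "$keydir" -type f -exec rm -f {} +

    # tor creates fresh keys (and a new fingerprint file) on next start.
    printf '%s\n' "$old"
}
```

Call it as rotate_relay_keys <DataDirectory> [<pid file>] after stopping tor;
it prints the retired fingerprint.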



Re: [tor-relays] tor relay - vps maintenance - what to do ?

2020-07-12 Thread Roman Mamedov
On Sun, 12 Jul 2020 21:12:31 +
dluga...@protonmail.com wrote:

> in the next three days, my VPS provider is planning to shut down
> ("maintenance") for 6 hours my VPS where a tor relay is running (with some
> services).
>
> I suspect that my VPS will be copied and reviewed (by not authorized persons)
> afterwards.

The provider can copy and examine disks of a running VPS even without shutting
it down. They might get a few filesystem errors, but most likely nothing major
and 99% of data will be there.

The only way to protect from that is to set up full-disk encryption (FDE) on
the VPS beforehand. But even then, it is challenging to make sure the
decryption key is not leaked to the provider (e.g. when entering it via their
"VNC Console", which can be keylogged).

If you do not set up FDE, you should assume all your data on any VPS is
accessible to the provider. Even RAM of a VPS can be copied without stopping
it, so running Tor in a RAM disk (tmpfs) is not an answer either.

For more privacy get a dedicated server rather than a VPS. At least a server
actually must be shut down to mess with its disks, and RAM is basically out of
reach. (I believe wiretapping SATA, let alone DDR, can be ruled out as
purely theoretical, in most cases :)

Make sure that backdoors such as Intel AMT are not active though, or get a
non-Intel server.

> What should I do ?

Do not get overly paranoid, most likely it's just maintenance and has
nothing to do with your VPS or with Tor running on it. As said above, if they
wanted your VPS' contents, they can freely get them at any time without
attracting attention.

If it was a dedicated server, then yes, a cause for concern, as it's plenty
of time to detach your disk and copy it. For a VPS, none of that downtime is
even needed for that in the first place.

-- 
With respect,
Roman