Re: [tor-relays] Snowflakes
Hi Toralf and Gus, Thanks for your replies! On Wednesday, October 28, 2020 at 4:11 PM, Toralf Förster wrote: On 10/26/20 5:32 PM, entensai...@use.startmail.com wrote: Hi everybody, I'm not sure this is the right list to ask, but is it useful to run snowflake proxies? I'd say yes. FWIW I do run it as a ordinary Linux service (git clone + go build) instead as a plugin in my browser here under Gentoo Linux at my desktop. So the proxy runs even if I close the browser. FWIW the plugin tells me : Number of users your Snowflake has helped circumvent censorship in the last 24 hours: 5 :-) -- Toralf ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] How long does it take for a relay IP to stop being displayed in metrics and web service?
A few days up to a week, some service operators might only fetch IP's from the Tor relay pool once every weeks or even months though, so the IP being on Metrics is completely irrelevant. I'd say at least 3-6 months until you reach a state where most sites have un-blocked your IP - some might never un-block it. Think before blindly setting up software without knowing the consequences. 2020-10-28 6:53 GMT, shsmbcfdfk : > Hi, > > I setup a non-exit relay on my home network and I have been listed as relay. > So now me and my family even if we don't use Tor we are excluded from some > online services. > > Beyond the discussion of whether the owners of these services understand Tor > or not, it's a problem that the address is added to public lists, especially > for non-exit relays. > > I completely shut down the relay several hours ago but my IP is still > listed. > > My question is how long does it take for a relay to disappear ? > > Thanks, ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] How long does it take for a relay IP to stop being displayed in metrics and web service?
On Wed, 28 Oct 2020 06:53:56 + shsmbcfdfk wrote: > Hi, > > I setup a non-exit relay on my home network and I have been listed as relay. > So now me and my family even if we don't use Tor we are excluded from some > online services. > > Beyond the discussion of whether the owners of these services understand Tor > or not, it's a problem that the address is added to public lists, especially > for non-exit relays. > > I completely shut down the relay several hours ago but my IP is still listed. > > My question is how long does it take for a relay to disappear ? If I remember correctly, "Down" relays remain listed on metrics.torproject.org for 2 weeks. However the source where those sites and services take the IP lists is likely different, and could be updated more rapidly (or less). -- With respect, Roman ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] How long does it take for a relay IP to stop being displayed in metrics and web service?
Le Wed, Oct 28, 2020 at 06:53:56AM +, shsmbcfdfk écrivait : > Hi, > > I setup a non-exit relay on my home network and I have been listed as relay. > So now me and my family even if we don't use Tor we are excluded from some > online services. > > Beyond the discussion of whether the owners of these services understand Tor > or not, it's a problem that the address is added to public lists, especially > for non-exit relays. > > I completely shut down the relay several hours ago but my IP is still listed. > > My question is how long does it take for a relay to disappear ? > > Thanks, It depends on their firewall policy, if they use fail2ban or not, how long they blacklist. But usually the default is 24h from what I have seen. You might want to contact them to ask to be removed from the blacklist, and mayber explain them why you use Tor and why this is important ? -- Guinness signature.asc Description: PGP signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] How long does it take for a relay IP to stop being displayed in metrics and web service?
Hi, I setup a non-exit relay on my home network and I have been listed as relay. So now me and my family even if we don't use Tor we are excluded from some online services. Beyond the discussion of whether the owners of these services understand Tor or not, it's a problem that the address is added to public lists, especially for non-exit relays. I completely shut down the relay several hours ago but my IP is still listed. My question is how long does it take for a relay to disappear ? Thanks,___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] I bumped out some more bad relays
On Sat, Oct 31, 2020 at 09:37:38AM +0100, Croax wrote: > Good. Does this mean it will be check and bumped more regularly? > I see that lots of relays are running for more than one month from > now. I hope so. I plan to keep running my new scripts and see where things go. Part of it depends on the next steps of the jerk who is doing this. Or said from the other side: if you find a misbehaving relay, or if you find that a particular url seems like it's being intercepted even if you can't figure out which relay is doing it, please report it! The sad version of the story is that there's a "long tail" of possible sites that they could mess with, and if they only mess with unpopular or uncommon, it might be a while until anybody notices. But the happy version of the story is that the more we and others check, the farther down the long tail we push them, i.e. the lower profile they need to be to remain unnoticed. And pushing them down the long tail is also hopefully pushing them towards the point where their operations are unprofitable. I am definitely missing the in-person gatherings around the world here. It used to be that we could say "Oh, you're in country X? Why don't you meet with so-and-so who is nearby to you" and then build human trust relationships. This year nobody meets anybody, and it is having surprising second-order effects like limiting the growth of the global internet freedom community. > Yes. From the browser perspective, HTTPS should be enforced whatever > the context. We may blame final Tor users or website administors for > not following security guidance (eg. HSTS preload) but in the end it is > the Tor user privacy that is compromised. This is lasting for months > and could have been easily prevented. This game of cat and mouse is not > good for Tor reputation. I completely agree. You're seeing the intersection of two core areas of Tor -- "Tor Browser" and "network health" -- that were both impacted more than average by our covid budget cuts. We definitely have gotten the attention of the Tor Browser devs now, and these steps are on their roadmaps, so I'm optimistic that we'll have some not-just-cat-and-mouse improvements in the medium term. --Roger ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] How to manually change overloaded Guard?
On Thu, Oct 29, 2020 at 05:56:59AM +, petra...@protonmail.ch wrote: > Since tonight I can't get any usable Tor connections anymore; restarting Tor > gives the following error message: > > Guard TOR2DFNrelB ($0ED0EA324C931CF41CB5272BFB1D015B3D5772A9) is failing more > circuits than usual. Most likely this means the Tor network is overloaded. > Success counts are 152/217. Use counts are 45/59. 167 circuits completed, 13 > were unusable, 2 collapsed, and 51 timed out. For reference, your timeout > cutoff is 60 seconds. > > Any idea how to change the Guard - just restarting Tor doesn't help? It is possible that the overloading happened because of the shift in load from kicking out the bunch of relays tonight -- and if so, it should sort itself out over the coming days. It's also possible that your guard is just encountering other problems in scaling, like it's hitting cpu limits -- Mike's upcoming "scaling research" project aims to (among other things) get better at detecting relays that can't handle their current load, and send less user traffic toward them so they reach equilibrium. But if that's the underlying reason for your issue, there isn't really a good short-term fix. You can change (reset) your current guard by going to your state file (in Tor's DataDirectory) and removing the "Guard" lines. Or heck, it might just be easier to delete the state file rather than trying to edit it. In an ideal world messing with your state file would be a thing that people do rarely if at all, since it can do complex things to your anonymity. So, do this step with care. :) --Roger ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] I bumped out some more bad relays
On Sat, Oct 31, 2020 at 09:46:38AM +0100, Toralf Förster wrote: > On 10/31/20 4:05 AM, Roger Dingledine wrote: > > I spent some time this week refining a new exit scanner, and today we > > pushed some new reject rules to kick out some relays that we confirmed > > were running mitmproxy to do more sslstrips. > So these got the flag "Unmeasured" but not "BadExit", right ? We "rejected" their fingerprints, rather than badexiting the fingerprints. So nobody will be using them for anything -- not exiting, not anything else. The "Unmeasured" flag that you're seeing on relay-search means that for that vote, that relay didn't have the required threshold of three votes from directory authorities that run bandwidth authorities. "Unmeasured" here isn't a flag that we explicitly changed, so much as a byproduct of doing the blocking: as directory authorities added their "reject" rules over the course of some hours, the ones that did the reject first happened to be ones that ran bandwidth authorities, so there was a period of a few hours where the relays had enough votes to still get listed as Running, but not enough of the votes came with opinions about bandwidth weights. And because relay-search shows you the last known thing about the relay (i.e. from when it was last listed in a consensus), their relay-search status is frozen in time at that moment before they disappeared entirely. Hope that explains the weird behavior. :) --Roger ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] I bumped out some more bad relays
Hi all On Fri, 2020-10-30 at 23:05 -0400, Roger Dingledine wrote: > I spent some time this week refining a new exit scanner, and today we > pushed some new reject rules to kick out some relays that we > confirmed > were running mitmproxy to do more sslstrips. Good. Does this mean it will be check and bumped more regularly? I see that lots of relays are running for more than one month from now. > Expect some upcoming next steps that aim to change the fundamental > arms > race, including experiments to use https by default in Tor Browser, > either > via HTTPS Everywhere's "Encrypt All Sites Eligible" option (you can > turn > that on right now) or via Firefox's upcoming built-in version of the > idea: > https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/19850 Yes. From the browser perspective, HTTPS should be enforced whatever the context. We may blame final Tor users or website administors for not following security guidance (eg. HSTS preload) but in the end it is the Tor user privacy that is compromised. This is lasting for months and could have been easily prevented. This game of cat and mouse is not good for Tor reputation. Thanks -- Croax signature.asc Description: This is a digitally signed message part ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] I bumped out some more bad relays
On 10/31/20 4:05 AM, Roger Dingledine wrote: I spent some time this week refining a new exit scanner, and today we pushed some new reject rules to kick out some relays that we confirmed were running mitmproxy to do more sslstrips. So these got the flag "Unmeasured" but not "BadExit", right ? -- Toralf OpenPGP_0xC4EACDDE0076E94E.asc Description: application/pgp-keys OpenPGP_signature Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays