Re: [tor-relays] Discuss. Why not split donations to Tor relay owners?
Hello, I wrote this advisory: >There is currently no concrete evidence to confirm that the funds >deposited in this wallet will indeed be redirected to the relays. And your first message to the reiya guy was: >Me: last two months> -*- If you're interested on building a project to reward relay operators, please write a proposal and follow this process: https://gitlab.torproject.org/tpo/community/policies/-/blob/master/001-community-relay-operator-process.md New proposals are welcome for discussion. However, sharing a project or wallet saying 'donate to my wallet and I will give back to relays operators' will be repelled. If the project or person is coming with good intentions, they will understand our reasons to push back. Important to note that there were other projects like that in the past such as oniontip (https://github.com/DonnchaC/oniontip/). And there were some great discussions on *how* to reward relay operators: https://blog.torproject.org/tor-incentives-research-roundup-goldstar-par-braids-lira-tears-and-torcoin/ Hope this can clarify your questions. cheers, Gus On Thu, Oct 26, 2023 at 05:09:03AM +0200, Tor Relays wrote: > Hi, > > gus : > > > Hi, > > > > Nobody audited the code of 'reiya' project and there is currently no > > concrete evidence to confirm that the funds deposited in that Monero > > wallet will indeed be redirected to the relays. Therefore, we strongly > > recommend not using that project. > > > > I recently had a conversation with kyun.host about their project reiya.io > and they seemed more discouraged than scammy. > > I have permission from them to copy our conversation to this mailing list > (sorry for the formatting but i couldn't copy and had to type it over): > > Me: months> > Them: i haven't checked that project in some time, let me check the logs > and i'll get back to you > Me: Have you checked it? > Them: yeah it's been failing to send txs for some time im going to shut it > down and manually send each relay however much they're owed > Me: Do you plan to shutdown reiya? > Them: yes > Me: Why? > Them: just not worth my time. from day 1 the community team lead or > whatever from the tor project was calling it a scam. and trying to get my > posts deleted in r/tor and r/monero. the tor project just smells fishy and > i would advise everyone to move on to i2p instead. even after i told them > its open source and they can host it themselves. they just said uhh well we > cant do that it would be illegal or something. > Me: I saw your post on r/monero and i recall that gus commented there and > "warned" that they don't know if it is a scam. Do you still have the > conversation with them where they said it's illegal? Maybe i can ask on the > tor-relays mailing list as a relay operator. Reiya is the only way i know > about how relay operators could get some donations for their relays and it > would be sad to see it disappear only because of a misunderstanding or > something. > Them: nvm yeah i was misremembering the guy saying it was illegal. gus just > annoyed me thats all. calling it a scam without really calling it a scam > and refusing to talk to me no matter how many times i tried. as i said > theres a bug that stops it from sending out the transactions so its pretty > much useless at this point. whoever wants to maintain it can maintain it > and i can provide hosting for free. but im not going to invest my time im > this anymore. > Me: Is it okay for you when i use our conversation to bring it up on the > tor-relays mailing list to ask the torproject what their stance is? > Them: yeah definitely. ive seen pretty much everyone other than gus in that > convo was positive towards the project so maybe someone more trusted can > pick it up. > https://lists.torproject.org/pipermail/tor-relays/2023-October/021343.html > . this was the thread but i dont know how to reply to it im a zoomer. > > > So if reiya was a planned scam that didn't worked out then the torproject > debunked a scammer. > But if it wasn't then the torproject discouraged a community member who > just wanted to support and strenghten the tor network with providing an > easy-to-setup way for relay operators to get some donations for their > bandwidth and sysadmin time. > > > There has to be a vetted and official way of donating to relay operators > because otherwise scammers will take their advantages and good actors could > get burned. > The torproject can not rely on getting informed about every website that > claims to take donations for relay operators and the torproject has no way > of preventing anyone to make a fake donation website to spread it at places > where uninformed or unsuspecting Tor users are around. > > I obviously only know reiyas stance about it but it looks like the handling > of the situation was not great. > > What are the torprojects plans to deal with situations like that in the > future? > > > Thanks > > Regarding funding Tor relays, please follow the process desc
Re: [tor-relays] Proposal: Restrict ContactInfo to Mandatory Email Address
Hi! Xiaoqi Chen (Danny): Hi Georg, First of all, thanks to all of you for the effort writing up the proposal! Sure. Thank you for your input. I saw that email obfuscation was discussed but no solution was proposed. I want to throw in some ideas about obfuscating the email centrally: - Let's not publish cleartext email in any public descriptor, and only publish an obfuscated address, something like operato...@relay-operators.torproject.org or fingerpr...@relay-operators.torproject.org. - Only those already operating a relay, using their ContactInfo as "from" address, can send to these obfuscated addresses and get forwarded to the actual recipient email. Otherwise the email gets rejected or ignored. (Of course TorProject folks can also be added to the list of allowed senders.) This will be very similar to how tor-relays@lists.torproject.org currently operates. This should reduce spamming as the cost for spamming is quite nontrivial (go through the hassle of setting up a new relay), while frictionlessly serving the existing and planned use cases, mainly 1) broadcast from tor project to all operators, 2) community discussion between relay operators, and 3) debugging and reaching individual operators or a small batch of them. Of course, this solution might be unnecessary (and I agree that historically there's not much spam). We can balance the benefit and cost -- the marginal cost for adding forwarding logic as part of the future operator ID / email verification system. This an interesting idea. However, I have my doubts that relay operators would be happy with it. I mean there are some folks that already have concerns that we require an email address to begin with (as this might leak things about themselves) but what you are suggesting is that Tor would centrally save those email addresses and keep a mapping to some public piece visible in the descriptor. Moreover and even worse, we would see whom of the relay operators would be talking to whom and when this would be happening (if I got the idea right), which sounds problematic to me and would probably not be in the interest of the operators. I think the comparison to the tor-relays mailing list is a bit mis-matched as well given that there is no requirement to sign up to that mailing list. So, setting up spam protections and filtering seems to be way less intrusive than what you have in mind. But I am fine thinking more about it if there is interest from the community. Thanks, Georg -- Danny -- Yours sincerely, Xiaoqi Chen On Sat, Oct 21, 2023 at 3:55 PM Georg Koppen wrote: Hello everyone! As indicated in our bug tracker a while ago[1] we have some strong incentives to redo our ContactInfo field. I've collected all the different use cases and combined them in a single proposal, discussing some potential concerns and future work we could get built upon it. The work is tracked on Gitlab as well[2] feel free to provide feedback there or here on the list as a follow-up to this announcement. For your convenience the proposal text is included below (if you like reading the .md file on Gitlab, see my personal repository for the latest draft[3]). """ ``` Filename: 100-contactinfo-mandatory-email-address.md Title: Restricting ContactInfo to Mandatory Email Address Author: Georg Koppen Created: 2023-10-21 Status: Open ``` ## Overview This document proposes to change the ContactInfo field from a free text field to one that is only allowing an email address. Additionally, providing such an email address will be required after this proposal is implemented. This is a normative document. ## Motivation Being able to reach out to and contact relay operators (bridge operators are included in that group) is important for our day-to-day work at Tor. While this has been brought up in the past as helpful in our fight against malicious relays, it goes well beyond that use case and is affecting general network health work, community-building efforts and quickly deploying anti-censorship related security fixes among other things. Tor is providing a `torrc` configuration option, `ContactInfo`, which is supposed to contain an email address (potentially obfuscated) under which the relay operator may be reached. However, in practise this does not work very well for two reasons: 1. `ContactInfo` is a free-form field which allows the operator to include not just email addresses but essentially any kind of text they want. This results in a lot of overhead when trying to contact all operators and failures to do so because not everything added to `ContactInfo` is a way to actually contact operators or undoing `ContactInfo` obfuscation turns out to be too hard. 2. `ContactInfo` can be empty as it is not required for all operators and in cases where it is supposed to be required (e.g. for operators running more than one relay) the requirement is not enforced. Over the years different teams at Tor developed diff
