Re: [tor-relays] MyFamily

[Matt Palmer]

On Sat, May 13, 2023 at 12:55:17PM -0400, denny.obre...@a-n-o-n-y-m-e.net wrote:
> This has probably been addressed before but why isn't the MyFamily value
> just a single, unique ID?
> 
> If I have the relays with the fingerprints "John", "Jane", and "Alice" and
> I want to add "Bob", wouldn't it be simpler (and more logical) to add the
> unique MyFamily "Smith" to each torrc file than listing all fingerprints?

I believe the reason for the current setup is to prevent randos from adding
themselves to your family of relays, and then causing problems.

- Matt

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] MyFamily

[trinity pointard]

> This has probably been addressed before but why isn't the MyFamily value just 
> a single, unique ID?

There is a proposal to have some way of doing that in the future, but
that proposal isn't implemented
https://gitlab.torproject.org/tpo/core/torspec/-/blob/main/proposals/321-happy-families.md
. It's not as easy as having a unique ID, you need to make sure a
relay can't spoof being part of a family, that's why it requires a two
way relationship for now, and will probably use some form of signature
in the future.

> What do you do when you have 50 relays and want to add or remove a relay? You 
> must modify 50 torrc files and restart all 50 relays? That seems tedious and 
> unnecessary.

Sadly, yes it is. You can reload the relays instead of restarting
them, which is somewhat better but still not great. On thing that can
help is using the %include feature of torrc to have your MyFamily line
in a distinct file you can easily copy around. That's not great, but
still easier/safer than editing a configuration file automatically.

regards,

trinity-1686a

On Mon, 15 May 2023 at 11:22, Matt Palmer  wrote:
>
> On Sat, May 13, 2023 at 12:55:17PM -0400, denny.obre...@a-n-o-n-y-m-e.net 
> wrote:
> > This has probably been addressed before but why isn't the MyFamily value
> > just a single, unique ID?
> >
> > If I have the relays with the fingerprints "John", "Jane", and "Alice" and
> > I want to add "Bob", wouldn't it be simpler (and more logical) to add the
> > unique MyFamily "Smith" to each torrc file than listing all fingerprints?
>
> I believe the reason for the current setup is to prevent randos from adding
> themselves to your family of relays, and then causing problems.
>
> - Matt
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] MyFamily

[Nick Mathewson]

On Mon, May 15, 2023 at 5:21 AM Matt Palmer  wrote:
>
> On Sat, May 13, 2023 at 12:55:17PM -0400, denny.obre...@a-n-o-n-y-m-e.net 
> wrote:
> > This has probably been addressed before but why isn't the MyFamily value
> > just a single, unique ID?
> >
> > If I have the relays with the fingerprints "John", "Jane", and "Alice" and
> > I want to add "Bob", wouldn't it be simpler (and more logical) to add the
> > unique MyFamily "Smith" to each torrc file than listing all fingerprints?
>
> I believe the reason for the current setup is to prevent randos from adding
> themselves to your family of relays, and then causing problems.

That's correct: if an attacker can add their relay to a family without
the rest of the family's consent, they can use that to influence
routing and do some kinds of path-selection attacks.

For an easy example, let's imagine that we let any relay put itself
into any family.  Now suppose the attacker starts three relays A1, A2,
and A3.  Then, since nothing stops them, they put A1 into a family
with every relay on the network, except for A2 and A3.  Now, any time
a user (randomly) selects A1, they will find that the only other
relays they can use on that circuit are A2 and A3; this will build a
completely attacker-controlled path, they will get no privacy.

That said, there's an open proposal to try to make it so relays can
use a cryptographic identifier instead of a unique ID or a list:
https://gitlab.torproject.org/tpo/core/torspec/-/blob/main/proposals/321-happy-families.md
I'd be curious to know whether relay operators think this proposal
would be usable for them; when I first circulated it, I didn't get a
lot of feedback.

(Oh, I see that Trinity has mentioned this too.  Hi, Trinity!)

cheers,
-- 
Nick
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] MyFamily

[denny . obreham]

trinity pointard  wrote ..
> . It's not as easy as having a unique ID, you need to make sure a
> relay can't spoof being part of a family, that's why it requires a two
> way relationship for now, and will probably use some form of signature
> in the future.

Why not take advantage of the proof entry of ContactInfo? ( 
https://nusenu.github.io/ContactInfo-Information-Sharing-Specification/#proof )

All you need to do is to add a file like 
https://example.com/.well-known/tor-relay/family-rsa-fingerprint.txt (uri-rsa) 
or DNS TXT record family-fingerprint.example.com (dns-rsa) which would contain 
one of the relay fingerprints of the family (the same one for all relays). The 
name is thus unique and you can easily check if the family name and 
corresponding relay fingerprint are linked to the same relay operator. The only 
drawback is if the chosen relay for the family name is removed from the network 
then a new one will have to be chosen and all the MyFamily values changed on 
every relay. Most likely a very rare event.

Heck, a file https://example.com/.well-known/tor-relay/rsa-fingerprint.txt has 
already the same content as MyFamily. (Which I am guessing is one way "Alleged 
Family Members" are identified on Tor metrics.)

_

> For an easy example, let's imagine that we let any relay put itself
> into any family.  Now suppose the attacker starts three relays A1, A2,
> and A3.  Then, since nothing stops them, they put A1 into a family
> with every relay on the network, except for A2 and A3.  Now, any time
> a user (randomly) selects A1, they will find that the only other
> relays they can use on that circuit are A2 and A3; this will build a
> completely attacker-controlled path, they will get no privacy.

How can you find a family with every relay on the network? According to the 
proposal, the largest family has 270 members and, according to Tor metrics, 
they are about 2000 exit relays. Even assuming an attacker controls A1 and A2, 
both falsely belonging to two different families with 250 members each 
(assuming all exit relays), the attacker would just increase his chances of 
having his A3 exit relay to be selected from 1/2000 to 1/1500. Not nothing, but 
not a large advantage either.

The problem you are describing is actually one that is possible RIGHT NOW with 
MyFamily. An attacker CAN list all relay fingerprints he can find in its 
MyFamily except his relays. If he could only list ONE family name, he could 
only spoof it with the most popular family name used (assuming family name 
uniqueness is not enforced and more than one relay operator use the same name). 
But it is impossible that all [good] relay operators use the same family name, 
even if they would be allowed to select one as simple as "Smith".

MyFamily with a single name seems both a very tiny spoofing problem AND an 
improvement over the current configuration.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] MyFamily

[Matt Palmer]

On Mon, May 15, 2023 at 10:18:29AM -0400, denny.obre...@a-n-o-n-y-m-e.net wrote:
> trinity pointard  wrote ..
> > For an easy example, let's imagine that we let any relay put itself
> > into any family.  Now suppose the attacker starts three relays A1, A2,
> > and A3.  Then, since nothing stops them, they put A1 into a family
> > with every relay on the network, except for A2 and A3.  Now, any time
> > a user (randomly) selects A1, they will find that the only other
> > relays they can use on that circuit are A2 and A3; this will build a
> > completely attacker-controlled path, they will get no privacy.
> 
> How can you find a family with every relay on the network?  According to
> the proposal, the largest family has 270 members and, according to Tor
> metrics, they are about 2000 exit relays.  Even assuming an attacker
> controls A1 and A2, both falsely belonging to two different families with
> 250 members each (assuming all exit relays), the attacker would just
> increase his chances of having his A3 exit relay to be selected from
> 1/2000 to 1/1500.  Not nothing, but not a large advantage either.

I presumed the attacker would create a new family, and declare all other
relays members of that family.

> The problem you are describing is actually one that is possible RIGHT NOW
> with MyFamily.  An attacker CAN list all relay fingerprints he can find in
> its MyFamily except his relays.

Except that the family won't be recognised as containing all those other
relays because the other relays don't include the attacker's relay A1 in
their MyFamily declaration.

- Matt

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] MyFamily

[Matthias Fetzer]

Hi,

On 5/13/23 18:55, denny.obre...@a-n-o-n-y-m-e.net wrote:

What do you do when you have 50 relays and want to add or remove a relay? You 
must modify 50 torrc files and restart all 50 relays? That seems tedious and 
unnecessary. I'm trying to find a way to automate this process and I can wrap 
my head around the complexity of the problem, especially with multiple servers.


I maintain my MyFamily completely automated using puppet. So once I add 
new relays to my infrastructure, all the torrc files automatically get 
updated and the relays reload (or restart?).


If you really do run >5 relays, I'd highly suggest to use whatever 
automation (puppet, ansible, salt, chef,...) that suits you. But don't 
even try to manually maintain that amount of relays by hand.


As a bonus you can have a unified setup of unattended upgrades and such 
things too.


Best regards, Matthias


OpenPGP_signature
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] MyFamily format

[NOC]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Just remove the parenthesis from that line and all should work fine.

Make it look like this:

MyFamily
$A401E765D8B24057C3D91109D3C3E8D9E4B8BEAE,$68F162C50F22205FB3B728ACE6747
0B17D7430D6

On 10/29/2015 12:44 AM, starfire wrote:
> MyFamily $(A401E765D8B24057C3D91109D3C3E8D9E4B8BEAE), 
> $(68F162C50F22205FB3B728ACE67470B17D7430D6)

- -- 
Tim Semeijn
Babylon Network

PGP: 0x2A540FA5 / 3DF3 13FA 4B60 E48A E755 9663 B187 0310 2A54 0FA5
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)

iQIcBAEBCgAGBQJWMWA/AAoJELGHAxAqVA+l4hcP/1fzlPCldNPXlA3aE6r17KF2
1n9E9CcKx2fLN+X0aJGjq4yb1qr49OK/TrTM3KSPRDU/do8cfc4JtXmkE/NImBVB
mMS8WJf55cNITACiJ7ZZSM+a1YEfCHlhYZ5chFuG3IZ7haeiHo1GXql+78QINjze
TTMtChPPIK/FGpoV30QlyAE+KgFFHAnCFK1EOCPm/nDP+JiE19iCNV0toX+yhGtU
3oxbY4N+V+74TG5CQSa3kKANsLGrWPkoEwKKjGOpAteN7dGt2TlW4omhbZVC/A+y
UU0HAYxn7sEsUS2IyVYYkBwUOsziScAwTiReWb81W4w0kTAtVz9zyG5PCBBySuCt
safRZ5QfZI4e3tPTP+Ce6E19ARgWTP6JO9J4DPGDEb1tqsNeweDFcXZpPVtusJ6l
kKQP7ptdZw3uVUKtR7gfSOgM4pybPW6kTp2QTse15ziOzFhmwXegUzf5O5k+Wlzx
atzgc7nPbSmXmbOPXTYVNlSaYMMyT4LSq++YRX25lS1o75EswP589BjE1ETiHV8R
iza9pi2JX7ua+5Q0zYHI4R6Fj2jF7/hr8EQ5MMUu17KsrTPKjggqqho0S0PMUwfA
i8WVRNqyICd32q/gkFoQqUnkw1Likm6fOR7P48omn7j5U7Bo+Ync5p6jrcc6MmUF
H2T4CEx2+5JqaY330yTi
=HfXR
-END PGP SIGNATURE-
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] MyFamily format

[Green Dream]

The correct format for MyFamily is documented here:
https://www.torproject.org/docs/faq.html.en#MultipleRelays

I'm not sure how important it is to set at this point though?
https://trac.torproject.org/projects/tor/ticket/6676
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] MyFamily format

[Tim Wilson-Brown - teor]

> On 29 Oct 2015, at 14:48, Green Dream  wrote:
> 
> The correct format for MyFamily is documented here: 
> https://www.torproject.org/docs/faq.html.en#MultipleRelays 
> 
> 
> I'm not sure how important it is to set at this point though? 
> https://trac.torproject.org/projects/tor/ticket/6676 
> 
MyFamily is still being used to detect Sybil attacks, so it's quite important 
to set it for families of relays.

(I don't think that ticket has moved much, it probably needs to be turned into 
a proposal, and then have community consensus, before being implemented.)

Tim

Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP 968F094B

teor at blah dot im
OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F



signature.asc
Description: Message signed with OpenPGP using GPGMail
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] 'MyFamily' .... torworld.org

[nusenu]

pa011:
> Could you explain please why names like torworld.org, torservers.net,
> online de, etc. are not aggregated in one position on
> https://raw.githubusercontent.com/ornetstats/stats/master/o/main_exit_operators.txt


https://github.com/ornetstats/stats writes:
> Relays are aggregated based on effective families.

So they are not setting MyFamily properly or someone else is using their
contactInfo.

Maybe I should rename the files to main_..._families.txt



signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] 'MyFamily' .... torworld.org

[pa011]

Am 10.01.2017 um 21:01 schrieb nusenu:
> 
> 
> pa011:
>> Could you explain please why names like torworld.org, torservers.net,
>> online de, etc. are not aggregated in one position on
>> https://raw.githubusercontent.com/ornetstats/stats/master/o/main_exit_operators.txt
> 
> 
> https://github.com/ornetstats/stats writes:
>> Relays are aggregated based on effective families.
> 
> So they are not setting MyFamily properly or someone else is using their
> contactInfo.
> 
> Maybe I should rename the files to main_..._families.txt

Better would be a warning:  Family currently worth nothing !!


torservers.net: 
https://atlas.torproject.org/#details/ABF7FBF389C9A747938B639B20E80620B460B2A9 
-> no one of the given family is blue, so yes the family seems wrong


zwiebeln online de: 
https://atlas.torproject.org/#details/0E2773CF5609FD7FA52837E53DF4B0D47F0D15B7 
-> all the family members are blue, counting 27 , which is slightly more than 
your 2 lines added together this morning


torworld.org : 
https://atlas.torproject.org/#details/3D512D9ACD9A6056ED6EA20C46406FA5A6788321 
-> currently 12 big Exits - no Family given at all at 
https://torstatus.rueckgr.at/index.php
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] 'MyFamily' .... torworld.org

[Moritz Bartl]

On 01/10/2017 10:16 PM, pa011 wrote:
>>> Could you explain please why names like torworld.org, torservers.net,
>>> online de, etc. are not aggregated in one position on
>>> https://raw.githubusercontent.com/ornetstats/stats/master/o/main_exit_operators.txt
>> So they are not setting MyFamily properly or someone else is using their
>> contactInfo.

This is correct; our MyFamily settings are very out of sync.

-- 
Moritz Bartl
https://www.torservers.net/
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] 'MyFamily' .... torworld.org

[Paul]

Hey, why don’t you just explain to the relay mailing list what it is all 
about..?

Why are you different to "abuse [AT] torworld.org " and where are you probably 
the same ?

What is your idea (business model) behind , why are supporting Tor in such a 
heavy way ?

What are your driving forces...?

Its not a must, but it would be less suspicious for somebody with you size!

Thanks and Regards - to whom ever - Paul

Am 19.01.2017 um 05:22 schrieb e:
> Thanks for the heads up Paul.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] 'MyFamily' .... torworld.org

[niftybunny]

The funny thing is … while bashing torworld nobody cares that I am on my way to 
be number one. Please dont mind me, just a rodent passing by ….


> On 19 Jan 2017, at 22:01, Paul  wrote:
> 
> Hey, why don’t you just explain to the relay mailing list what it is all 
> about..?
> 
> Why are you different to "abuse [AT] torworld.org " and where are you 
> probably the same ?
> 
> What is your idea (business model) behind , why are supporting Tor in such a 
> heavy way ?
> 
> What are your driving forces...?
> 
> Its not a must, but it would be less suspicious for somebody with you size!
> 
> Thanks and Regards - to whom ever - Paul
> 
> Am 19.01.2017 um 05:22 schrieb e:
>> Thanks for the heads up Paul.
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] 'MyFamily' .... torworld.org

[teor]

> On 20 Jan 2017, at 08:01, Paul  wrote:
> 
> Hey, why don’t you just explain to the relay mailing list what it is all 
> about..?
> 
> Why are you different to "abuse [AT] torworld.org " and where are you 
> probably the same ?
> 
> What is your idea (business model) behind , why are supporting Tor in such a 
> heavy way ?
> 
> What are your driving forces...?
> 
> Its not a must, but it would be less suspicious for somebody with you size!
> 
> Thanks and Regards - to whom ever - Paul
> 
> Am 19.01.2017 um 05:22 schrieb e:
>> Thanks for the heads up Paul.

For the record, I am not worried about the answers to these questions,
particularly from someone affiliated with an existing organisation that
operates tor relays.

I apologise for the misunderstanding about your email address.
I'll try to handle similar situations better in future.

Thanks for setting MyFamily, too!

Go in peace, e (and feel free to check your emails infrequently!)

T

--
Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org






signature.asc
Description: Message signed with OpenPGP
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] 'MyFamily' .... torworld.org

[Paul]

"thank you for running a Tor relay" - or in other words - got a spare T-Shirt 
for you - what’s your size Markus :-)

Hopefully you have read here recently this " but imagine if you could get 
access to
some sort of administration panel for OVH/DigitalOcean etc. Co-opting a
large number of relays/exits through that process might be a lot easier,."

One could imagine other possible scenarios as well - so I wouldn’t put all eggs 
in the same basket on my way to the market..



Am 20.01.2017 um 05:57 schrieb niftybunny:
> The funny thing is … while bashing torworld nobody cares that I am on my way 
> to be number one. Please dont mind me, just a rodent passing by ….
> 
> 
>> On 19 Jan 2017, at 22:01, Paul  wrote:
>>
>> Hey, why don’t you just explain to the relay mailing list what it is all 
>> about..?
>>
>> Why are you different to "abuse [AT] torworld.org " and where are you 
>> probably the same ?
>>
>> What is your idea (business model) behind , why are supporting Tor in such a 
>> heavy way ?
>>
>> What are your driving forces...?
>>
>> Its not a must, but it would be less suspicious for somebody with you size!
>>
>> Thanks and Regards - to whom ever - Paul
>>
>> Am 19.01.2017 um 05:22 schrieb e:
>>> Thanks for the heads up Paul.
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] MyFamily update required

[pa011]

Hi nusenu,

thanks for your great work - lets assume for a second I would be with several 
relays on both of you lists:

https://raw.githubusercontent.com/ornetstats/stats/master/o/main_exit_operators.txt

https://raw.githubusercontent.com/ornetstats/stats/master/o/potentially_dangerous_relaygroups.txt

How can I best find out which ones bring me on your second one?

Whats the number in the column MyFamilyCount - how added up?


Best regards

Paul

 only example - not me...
> +-+-+---+--+
> | first_seen  | IP  | MyFamilyCount | exit |
> +-+-+---+--+
> |   |9. |0 |
> |   |9. |0 |
> |   |8. |1 |
> |   |  NULL |0 |
> +-+-+---+--+
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] MyFamily update required

[nusenu]

pa011:
> How can I best find out which ones bring me on your second one?

- search for your all your relays on atlas.torproject.org.

- open every of your relays in a new tab

- look for orange colored family members
(they represent misconfigured/asymmetric configurations)

if there are none, make sure the number of blue lines in 'family
members' is equal to the number of relays you run -1.



signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] MyFamily consensus byte savings

[teor]

> On 2 Aug 2017, at 17:22, grarpamp  wrote:
> 
> Consensus could save ~500kB (3%) by clients automatically swapping
> MyFamily from config plaintext format to bitmap selection from DA
> provided list of recently seen node FP's before publishing descriptor.

This change would break existing relay descriptor parsers.
We try not to do that.

We have several strategies for reducing directory download size, in
particular:
* consensus diffs, and
* better compression.

For more details, see:
https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/Sponsor4Design

T

--
Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org






signature.asc
Description: Message signed with OpenPGP
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] MyFamily line commented out but stays valid?

[lists]

On 22.10.2019 18:53, Michael Gerstacker wrote:

when i comment out the MyFamily line with an # in the torrc on one 
relay it

seems to be still handled like before.

Hitting x in nyx or waiting a few days or rebooting does not make any
change.


Nyx or arm must be called as root to save the config.

Look at the torrc file with nano or vim.

--
╰_╯ Ciao Marco!

My family:6D6EC2A2E2ED8BFF2D4834F8D669D82FC2A9FA8D
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] MyFamily line commented out but stays valid?

[Michael Gerstacker]

Am Di., 22. Okt. 2019 um 19:04 Uhr schrieb :

> On 22.10.2019 18:53, Michael Gerstacker wrote:
>
> > when i comment out the MyFamily line with an # in the torrc on one
> > relay it
> > seems to be still handled like before.
> >
> > Hitting x in nyx or waiting a few days or rebooting does not make any
> > change.
>
> Nyx or arm must be called as root to save the config.
>
> Look at the torrc file with nano or vim.
>

I always edit the torrc with nano and use nyx only to reload the torrc so
this cant be the reason.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] MyFamily line commented out but stays valid?

[ECAN - Matt Westfall]

If memory serves, if you're running multiple nodes on the same IP or in 
the same /24 tor protocol automatically families any nodes running in 
the same /24



Matt Westfall
President & CIO
ECAN Solutions, Inc.
Everything Computers and Networks
804.592.1672

-- Original Message --
From: "Michael Gerstacker" 
To: tor-relays@lists.torproject.org
Sent: 11/4/2019 2:26:03 AM
Subject: Re: [tor-relays] MyFamily line commented out but stays valid?


Am Di., 22. Okt. 2019 um 19:04 Uhr schrieb :

On 22.10.2019 18:53, Michael Gerstacker wrote:

> when i comment out the MyFamily line with an # in the torrc on one
> relay it
> seems to be still handled like before.
>
> Hitting x in nyx or waiting a few days or rebooting does not make 
any

> change.

Nyx or arm must be called as root to save the config.

Look at the torrc file with nano or vim.


I always edit the torrc with nano and use nyx only to reload the torrc 
so this cant be the reason.___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] MyFamily line commented out but stays valid?

[teor]

Hi,

> On 9 Nov 2019, at 01:53, ECAN - Matt Westfall  wrote:
> 
> If memory serves, if you're running multiple nodes on the same IP or in the 
> same /24 tor protocol automatically families any nodes running in the same /24

Tor clients automatically exclude relays in the same IPv4 /24 and IPv6 /32
when choosing paths. (IPv6 support was added in 0.4.0.)

The subnet check is implemented separately to MyFamily, but the end result
is the same.

> -- Original Message --
> From: "Michael Gerstacker" 
> To: tor-relays@lists.torproject.org
> Sent: 11/4/2019 2:26:03 AM
> Subject: Re: [tor-relays] MyFamily line commented out but stays valid?
> 
>> Am Di., 22. Okt. 2019 um 19:04 Uhr schrieb :
>> On 22.10.2019 18:53, Michael Gerstacker wrote:
>> 
>> > when i comment out the MyFamily line with an # in the torrc on one 
>> > relay it
>> > seems to be still handled like before.
>> > 
>> > Hitting x in nyx or waiting a few days or rebooting does not make any
>> > change.
>> 
>> Nyx or arm must be called as root to save the config.
>> 
>> Look at the torrc file with nano or vim.
>> 
>> I always edit the torrc with nano and use nyx only to reload the torrc so 
>> this cant be the reason.

Can you send us a link to your relay on Relay Search, and a copy of your
torrc?

It's hard to debug without detailed information.

T

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] MyFamily line commented out but stays valid?

[Michael Gerstacker]

>
> Can you send us a link to your relay on Relay Search, and a copy of your
> torrc?
>
> It's hard to debug without detailed information.
>
>
I already filled a ticket and included my torrc there like requested from
nick:
https://trac.torproject.org/projects/tor/ticket/32541

Yesterday i checked the MyFamily line on all relays so that it now is
definitely the same on all relays which are part of my family because i
stopped caring about the MyFamily option weeks ago after it seemed to not
work like expected.
Then i sent a HUP on all relays and waited for metrics to show them like
expected so that all 23 relays are shown as "Effective Family Members" on
all relays and that no relay is listed as "Alleged Family Member" now.
About two hours later the changes were shown that way in metrics.

Then i commented out the MyFamily line on angeltest8
7AAF5597B18D82CC90CA95FB7976A1CEA4A32E06

and sent a HUP on that relay again.

Four hours later still nothing changed in metrics so i stopped and started
the tor daemon to be sure that the commented out MyFamily line is
definitely recognized but today still no change in metrics and angeltest8
is handled like before.

But as far as i understand it angeltest8 should now in metrics show zero
"Effective Family Members" and zero "Alleged Family Members" and all other
22 relays should list his fingerprint as "Alleged Family Member".


Greetz
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] MyFamily and ContactInfo fields are required for operators running multiple tor instances

[Dmitrii Tcvetkov]

> > MyFamily **must** be set correctly if you run more than one
> > relay or bridge. (That is, every relay should list all the others
> > as described above.)  

So if I run some relays and also some bridges I must to specify
unhashed fingerprints of the bridges in MyFamily in configs of all my
relays?


pgpk1kx7vpKsu.pgp
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] MyFamily and ContactInfo fields are required for operators running multiple tor instances

[Sebastian Hahn]

> On 11. Jan 2018, at 20:44, Dmitrii Tcvetkov  wrote:
> 
>>>MyFamily **must** be set correctly if you run more than one
>>> relay or bridge. (That is, every relay should list all the others
>>> as described above.)
> 
> So if I run some relays and also some bridges I must to specify
> unhashed fingerprints of the bridges in MyFamily in configs of all my
> relays?

No. That's harmful. Never list bridge fingerprints in MyFamily. I have
reopened the closed bug report[0] because the man page now gives this
harmful advice (and actually contradicts itself). Let's hope it gets
fixed quickly.

[0]: https://trac.torproject.org/projects/tor/ticket/24526



signature.asc
Description: Message signed with OpenPGP
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] MyFamily and ContactInfo fields are required for operators running multiple tor instances

[Dmitrii Tcvetkov]

On Thu, 11 Jan 2018 21:02:42 +0100
Sebastian Hahn  wrote:

> > On 11. Jan 2018, at 20:44, Dmitrii Tcvetkov 
> > wrote: 
> >>>MyFamily **must** be set correctly if you run more than one
> >>> relay or bridge. (That is, every relay should list all the others
> >>> as described above.)  
> > 
> > So if I run some relays and also some bridges I must to specify
> > unhashed fingerprints of the bridges in MyFamily in configs of all
> > my relays?  
> 
> No. That's harmful. Never list bridge fingerprints in MyFamily. I have
> reopened the closed bug report[0] because the man page now gives this
> harmful advice (and actually contradicts itself). Let's hope it gets
> fixed quickly.
> 
> [0]: https://trac.torproject.org/projects/tor/ticket/24526
> 

Yeah, thats why I asked. Thanks for the answer.


pgpmIKqM8qAHF.pgp
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] MyFamily and ContactInfo fields are required for operators running multiple tor instances

[Charly Ghislain]

If my relay running at ip A is also available, although not advertised, at
ip B, should I bother with MyFamily settings?

This may happen if the relay is running as service in a docker swarm.

On Thu, Jan 11, 2018 at 9:11 PM, Dmitrii Tcvetkov 
wrote:

> On Thu, 11 Jan 2018 21:02:42 +0100
> Sebastian Hahn  wrote:
>
> > > On 11. Jan 2018, at 20:44, Dmitrii Tcvetkov 
> > > wrote:
> > >>>MyFamily **must** be set correctly if you run more than one
> > >>> relay or bridge. (That is, every relay should list all the others
> > >>> as described above.)
> > >
> > > So if I run some relays and also some bridges I must to specify
> > > unhashed fingerprints of the bridges in MyFamily in configs of all
> > > my relays?
> >
> > No. That's harmful. Never list bridge fingerprints in MyFamily. I have
> > reopened the closed bug report[0] because the man page now gives this
> > harmful advice (and actually contradicts itself). Let's hope it gets
> > fixed quickly.
> >
> > [0]: https://trac.torproject.org/projects/tor/ticket/24526
> >
>
> Yeah, thats why I asked. Thanks for the answer.
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] MyFamily and ContactInfo fields are required for operators running multiple tor instances

[nusenu]

Charly Ghislain:
> If my relay running at ip A is also available, although not advertised, at
> ip B, should I bother with MyFamily settings?
> 
> This may happen if the relay is running as service in a docker swarm.
If only one of your relays in consensus you do not need to set MyFamily.
If you have more than one relay in consensus MyFamily is required.

-- 
https://mastodon.social/@nusenu
twitter: @nusenu_



signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] MyFamily and ContactInfo fields are required for operators running multiple tor instances

[Vinícius Zavam]

On Jan 11, 2018 19:09, "nusenu"  wrote:

Hi,


hi,

I'd like to highlight that today the following
two sentences requiring ContactInfo and MyFamily for operators running
multiple relays
got added to the tor manual page [1]:

> ContactInfo **must** be set to a working address if you run more than
one
> relay or bridge.  (Really, everybody running a relay or bridge should
set
> it.)
>
>
> MyFamily **must** be set correctly if you run more than one relay or
> bridge. (That is, every relay should list all the others as described
> above.)


sorry for getting back to it a little late!

well ...

considering that MyFamily is perfectly fine, what about those using *only*
PGP key fingerprints as ContactInfo? valid keys, publicly available (with
working email address, and personal info from the admin).

will these relays be removed from the network, or tagged as "bad" ones?

The main motivation for this change have been suspicious tor relays that
bad-relays@ ML
decided to remove but had no way direct way to contact and so was forced
to make hard decisions.

With these clear statements bad-relays@ ML group can handle problematic
cases
better.

regards,
nusenu



[1] https://gitweb.torproject.org/tor.git/tree/doc/tor.1.txt#n1717


--
https://mastodon.social/@nusenu
twitter: @nusenu_


KR,
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] MyFamily and ContactInfo fields are required for operators running multiple tor instances

[nusenu]

Vinícius Zavam:
> considering that MyFamily is perfectly fine, what about those using *only*
> PGP key fingerprints as ContactInfo? valid keys, publicly available (with
> working email address, and personal info from the admin).
> 
> will these relays be removed from the network, or tagged as "bad" ones?

I don't think so.

(please fix the quoting or remove the text from the original email
if you are not quoting - it is hard to find your lines among the others)

-- 
https://mastodon.social/@nusenu
twitter: @nusenu_



signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] MyFamily and ContactInfo fields are required for operators running multiple tor instances

[grarpamp]

On Wed, Jan 31, 2018 at 3:08 PM, Vinícius Zavam  wrote:
> what about those using *only*
> PGP key fingerprints as ContactInfo? valid keys, publicly available (with
> working email address, and personal info from the admin).
>
> will these relays be removed from the network, or tagged as "bad" ones?

Seems to me that any readily discernible format of listing any
reasonably frictionless contact method should be viewed as ok...

PGP, ricochet, IPFS, postal mail, email, CJDNS, telephone,
twitter, ICQ, blockchain message, whatever.

Ambiguous addresses of such systems can be made
discernible / differentiable by prefixing them with tags...
pgp:, tel:, onioncat:, irc network, etc

If someone obfuscates an email address by converting it
to binary blob or digits, without explaining it in the contact
field as such, that's probably not 'readily discernible'.

Nor would closed source or paid services likely be
a 'reasonably frictionless' means of communication
for many in this space.

The more complex or esoteric the system, or unbuffered realtime
presence it requires to use it, the more likely no one will bother,
leading to potential problems when trying to...

"Hey, what's up with your relay?".
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays