[tor-relays] Genereal queations about MyFamily

Hello,

I am running some servers in the Tor infrastructure for research reasons and my own (mainly political) interest. I have a few questions, the answer to which would help me a lot at the moment.

1. can someone explain to me how the fingerprint of a Family is created? For example, I have 7 exit relays in a Family, and can't remember how that came about.
1. 2. to simplify the torrc, would it not be advantageous to enter in "MyFamily" not all fingerprints, but only that of the Family as such? Are there already suggestions for this with the developers? If not, which Git would be the most suitable to place my suggestion?
I know, then everyone could "join" a family, since another node does not explicitly also include the one in the config. But there will be a solution for that. Like with AROI from nusenu.

I explore various possibilities to deanonymize. My motives are solely dedicated to the Tor project. I have configured a bridge and I know that it is also possible to restrict exits. For example via the country code. I have also done that successfully, but:
2. 1. I don't manage to configure a bridge _and_ a fixed exit.
2. 2. also here I would welcome a feature to specify the fingerprint of a family as forced exits instead of single fingerprints or countrycodes. Also here the question like in 1.2, where could I place this then best.

All this does not necessarily provide an advantage in anonymization, but it makes research much easier. And before someone says that i don't need that... there is a lot that i don't need and that doesn't serve the purpose of a software, you are not forced to configure it let alone recommend it. I'm just talking about possibilities that should facilitate the research.

Hi Martin,

Martin Gebhardt:

1. can someone explain to me how the fingerprint of a Family is
created?

The configuration on a tor relay lists all relay fingerprints
with which the relay is in a MyFamily (and optionally itself),
but there is no "MyFamily fingerprint" - there are just relay fingerprints.

For example, I have 7 exit relays in a Family, and can't
remember how that came about.

You probably have a MyFamily line on each of your relays.

1. 2. to simplify the torrc, would it
not be advantageous to enter in "MyFamily" not all fingerprints, but
only that of the Family as such? Are there already suggestions for
this with the developers?

A new MyFamily design is in the works, which will be easier to configure for operators
https://lists.torproject.org/pipermail/tor-relays/2021-November/019954.html

Like with AROI
from nusenu.

To avoid misunderstandings: An AROI is not a MyFamily replacement.

I have configured a bridge and I know
that it is also possible to restrict exits. For example via the
country code. I have also done that successfully, but: 2. 1. I don't
manage to configure a bridge _and_ a fixed exit.

That is more a tor client configuration question, but you can
show your torrc configuration so people can point out potential issues
(maybe on the tor-talk mailing list - if one can still post to it)

kind regards,
nusenu

I explore various possibilities to deanonymize. My motives are solely
dedicated to the Tor project. I have configured a bridge and I know that
it is also possible to restrict exits. For example via the country code.

The country code is bad. For example all BuyVM/Frantec nodes are listed in the
USA. But at _least_ 151 of them are actually in Roost Luxembourg @
luxconnect.lu.
https://metrics.torproject.org/rs.html#search/2605:6400:30

I have also done that successfully, but:
2. 1. I don't manage to configure a bridge _and_ a fixed exit.

Set EntryNodes and ExitNodes with StrictNodes in your torrc:

# A list of identity fingerprints and country codes of nodes to use for the
first hop in your normal circuits.
EntryNodes $bridgefingerprint1,$bridgefingerprint2,...
# A list of identity fingerprints, country codes, and address patterns of nodes
to use as exit node.
ExitNodes $fingerprint,$fingerprint,203.0.113.0/24,...
StrictNodes 1

Hey nusenu,

thanks for your quick reply.

Hi Martin,

[..]>> 1. 2. to simplify the torrc, would it

not be advantageous to enter in "MyFamily" not all fingerprints, but
only that of the Family as such? Are there already suggestions for
this with the developers?

A new MyFamily design is in the works, which will be easier to configure for operators
[tor-relays] [Looking for feedback] An easier way to declare families

Yes, this reads great.

Like with AROI
from nusenu.

To avoid misunderstandings: An AROI is not a MyFamily replacement.

I know I just thought of AROI as a way to verify MyFamily information.

But your reference to Nick's performance is exactly the sort of thing I had in mind. That would make it much easier to handle large families.

[..]

For all interested, the current link to "321-happy-families.md" is proposals/321-happy-families.md · main · The Tor Project / Core / Tor Specifications · GitLab

Thanks!

Hello Marco,

I explore various possibilities to deanonymize. My motives are solely
dedicated to the Tor project. I have configured a bridge and I know that
it is also possible to restrict exits. For example via the country code.

The country code is bad. For example all BuyVM/Frantec nodes are listed in the
USA. But at _least_ 151 of them are actually in Roost Luxembourg @
luxconnect.lu.
Relay Search

Yes all right. But I only mentioned it as an example. I didn't want a debate about how useful it is to use country codes. But thanks for this hint.

[..]

# A list of identity fingerprints, country codes, and address patterns of nodes
to use as exit node.
ExitNodes $fingerprint,$fingerprint,203.0.113.0/24,...
StrictNodes 1

StrictNodes is what was missing. Thank you, now everything works as I expected.

Martin