primary target audience:
- Tor user
- Tor relay operators
- onion service operators
- and everyone that cares about Tor
Thanks for the talk. While watching it yesterday I saw on the KAX17 timeline that the attacker "attempts to restore their foothold" after they got kicked out of the network. Could you please send the fingerprints of their new relays to the bad-relays mailing list so we can get them eventually rejected and provide a safer Tor experience for all of our users?
Somewhat related I was wondering about what happened to the BTCMITM20 attacker. The image with the exit fraction and concurrently running malicious relays graphs seems to be claiming that never all of their relays were gone and the number is in fact growing again starting around mid-March 2021. Are there still relays from them running on the network? If so, please send their fingerprints to the bad-relays mailing list, too, so we can get those relays removed.
primary target audience:
- Tor user
- Tor relay operators
- onion service operators
- and everyone that cares about Tor
Thanks for the talk. While watching it yesterday I saw on the KAX17 timeline that the attacker "attempts to restore their foothold" after they got kicked out of the network. Could you please send the fingerprints of their new relays to the bad-relays mailing list so we can get them eventually rejected and provide a safer Tor experience for all of our users?
Somewhat related I was wondering about what happened to the BTCMITM20 attacker. The image with the exit fraction and concurrently running malicious relays graphs seems to be claiming that never all of their relays were gone and the number is in fact growing again starting around mid-March 2021. Are there still relays from them running on the network? If so, please send their fingerprints to the bad-relays mailing list, too, so we can get those relays removed.
Bumping this thread to be sure it does not fall through the cracks and we get all remaining relays kicked out in case there are any left. (We have not received any fingerprints so far on the bad-relays@ list)
Georg Koppen:
> Georg Koppen:
>> Hello!
>>
>> nusenu:
>>> in chronological order:
>>>
>>> ------------------------------------------------------
>>>
>>> title: Towards a more Trustworthy Tor Network
>>>
>>> when: 2021-12-28, 17:00 CET
>>> where: See you soon … somewhere else! – rC3 NOWHERE Streaming
>>>
>>> primary target audience:
>>> - Tor user
>>> - Tor relay operators
>>> - onion service operators
>>> - and everyone that cares about Tor
>>
>> Thanks for the talk. While watching it yesterday I saw on the KAX17
>> timeline that the attacker "attempts to restore their foothold" after
>> they got kicked out of the network. Could you please send the
>> fingerprints of their new relays to the bad-relays mailing list so we
>> can get them eventually rejected and provide a safer Tor experience
>> for all of our users?
>>
>> Somewhat related I was wondering about what happened to the BTCMITM20
>> attacker. The image with the exit fraction and concurrently running
>> malicious relays graphs seems to be claiming that never all of their
>> relays were gone and the number is in fact growing again starting
>> around mid-March 2021. Are there still relays from them running on the
>> network? If so, please send their fingerprints to the bad-relays
>> mailing list, too, so we can get those relays removed.
>
> Bumping this thread to be sure it does not fall through the cracks and
> we get all remaining relays kicked out in case there are any left. (We
> have not received any fingerprints so far on the bad-relays@ list)
I am not in the mood of pinging this thread any further. We did not get any fingerprints sent over nor any clarification so far either. Thus, it seems no known attackers belonging to those two groups are currently on the network anymore, which is good news.
Just as a general reminder (not just for nusenu but anyone else wanting to help us as well in hunting bad relays): for the sake of our users, please report all your findings to the bad-relays mailing list[1]. It's only the bad-relay team who can get malicious relays kicked out of the network. Keeping that information away from us and using some ExcludeNodes hacks instead is *not* the way to go for, if the safety of our users and the safety of our network is your goal.