Igor Mitrofanov:
Is there anything Tor can do inside the Tor browser itself? I would understand and support something as drastic as disabling non-HTTPS, non-Onion connections altogether. When the user types a URL with no protocol prefix, the browser will assume HTTPS. This may break some websites, so a transition may be required. Such a transition can start with a warning banner, proceed to a warning page, then to a browser setting to enable it, and finally to disabling the capability for good.
The above assumes there is much less benefit in running a rogue Tor exit if the operator cannot see or alter the content it is relaying.
I think that assumption is not unreasonable. Yes, we are actively thinking about trying an HTTPS-only mode out as part of a defense against similar attacks. See the blog post[1] about it which we just published, which should give more context for the incident as well.
Georg
[1] https://blog.torproject.org/bad-exit-relays-may-june-2020
On Fri, Aug 14, 2020 at 1:25 PM niftybunny <abuse-contact@to-surf-and-protect.net> wrote:
https://medium.com/@nusenu/how-malicious-tor-relays-are-exploiting-users-in-...
- There are multiple indicators that suggest that the attacker still runs >10% of the Tor network exit capacity (as of 2020–08–08)
And on this one: I trust nusenu who told me we still have massive malicious relays.
On 14. Aug 2020, at 19:12, Roger Dingledine arma@torproject.org wrote:
On Thu, Aug 13, 2020 at 03:34:55PM +0200, niftybunny wrote:
This shit has to stop. Why are the relays in question still online?
Hm? The relays are not online -- we kicked them in mid June.
We don't know of any relays right now that are attacking users.
Or said another way, if anybody knows of relays that are doing any attacks on Tor users, ssl stripping or otherwise, please report them. I believe that we are up to date and have responded to all reports.
That said, there is definitely the uncertainty of "I wonder if those OVH relays are attacking users -- they are run by people I don't know, though there is no evidence that they are." We learned from this case that making people list and answer an email address didn't slow them down.
I still think that long term the answer is that we need to shift the Tor network toward a group of relay operators that know each other -- transparency, community, relationships, all of those things that are costly to do but also costly to attack:
https://gitlab.torproject.org/tpo/metrics/relay-search/-/issues/40001
https://lists.torproject.org/pipermail/tor-relays/2020-July/018656.html
https://lists.torproject.org/pipermail/tor-relays/2020-July/018669.html
But the short term answer is that nobody to my knowledge has shown us any current relays that are doing attacks.
Hope that helps, --Roger
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays