Georg Koppen:
Hello everyone!
Some of you might have noticed that there is a visible drop of relays on our consensus-health website.[1] The reason for that is that we kicked roughly 600 non-exit relays out of the network yesterday. In fact, only a small fraction of them had the guard flag, so the vast majority were middle-only relays. We don't have any evidence that these relays were doing any attack, but there are attacks possible which relays could perform from the middle position. Therefore, we decided we'd remove those relays for our users' safety sake.
While we were already tracking some of the relays for a while, a big chunk of them was also independently reported by a cypherpunk and nusenu helped analyzing the data. Thanks to both of them from our side.
Foe what it is worth: a large part of those relays did not set any valid contact info and/or when we tried to contact some of the relays' operators the emails bounced. However, we sometimes need to have ways to reach relay operators, be it for debugging purposes or for helping them with relay misconfiguration. Thus, please set a valid contact info when running relays.
Finally, anyone running relays: try to get connected to the community so we can build some trust among each other. That seems to be an essential part in our long-term strategy to fight bad relays trying to enter our network.
For anyone wondering when a blog post will show up related to the rejections I wrote about above, it seems nusenu has written one:
https://nusenu.medium.com/is-kax17-performing-de-anonymization-attacks-again...
Make sure to scroll down to the Appendix, though, if you want to see graphs which actually show this rejection. The very first one is confusing as it seems to imply the attacker is still on the network/the attack is ongoing. But that's not the case as far as we know.
An important thing to note as well is making sure *not* to actually use the proposed self-defense as-is. It's not mentioned in the blog post but at the repository linked to:
""" NOTE: This PoC is NOT fit for general use and not meant to be used by end-users! """
We have not finished our analysis for the relay group nusenu is talking about in the blog post, so not sure yet about the findings mentioned there. However, it's nice to see external parties being as vigilant as we in trying to make sure our users have a safe Tor experience. More of that please. :)
Georg