https://medium.com/@nusenu/how-malicious-tor-relays-are-exploiting-users-in-... https://medium.com/@nusenu/how-malicious-tor-relays-are-exploiting-users-in-2020-part-i-1097575c0cac
There are multiple indicators that suggest that the attacker still runs >10% of the Tor network exit capacity (as of 2020–08–08)
And on this one: I trust nusenu who told me we still have massiv malicious relays.
On 14. Aug 2020, at 19:12, Roger Dingledine arma@torproject.org wrote:
On Thu, Aug 13, 2020 at 03:34:55PM +0200, niftybunny wrote:
This shit has to stop. Why are the relays in question still online?
Hm? The relays are not online -- we kicked them in mid June.
We don't know of any relays right now that are attacking users.
Or said another way, if anybody knows of relays that are doing any attacks on Tor users, ssl stripping or otherwise, please report them. I believe that we are up to date and have responded to all reports.
That said, there is definitely the uncertainty of "I wonder if those OVH relays are attacking users -- they are run by people I don't know, though there is no evidence that they are." We learned from this case that making people list and answer an email address didn't slow them down.
I still think that long term the answer is that we need to shift the Tor network toward a group of relay operators that know each other -- transparency, community, relationships, all of those things that are costly to do but also costly to attack: https://gitlab.torproject.org/tpo/metrics/relay-search/-/issues/40001 https://lists.torproject.org/pipermail/tor-relays/2020-July/018656.html https://lists.torproject.org/pipermail/tor-relays/2020-July/018669.html
But the short term answer is that nobody to my knowledge has shown us any current relays that are doing attacks.
Hope that helps, --Roger
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays