Hi -
I'm running three relays. Is it necessary to list all three relays in my family on each relay?
Thank you! :-)
Yes, because otherwise you risk ending up on the bad relays list.
On July 25, 2021 1:36:20 PM UTC, Kathi kathihil935@gmail.com wrote:
Hi -
I'm running three relays. Is it necessary to list all three relays in my family on each relay?
Thank you! :-)
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On Sun, 25 Jul 2021 08:36:20 -0500 Kathi kathihil935@gmail.com wrote:
Hi -
I'm running three relays. Is it necessary to list all three relays in my family on each relay?
Hello,
Technically it is necessary to list "the other two" on each relay. But listing all three on all three is also allowed, and is usually easier from the maintenance standpoint. You can just copy-paste the same MyFamily line.
On Sun, Jul 25, 2021 at 08:36:20AM -0500, Kathi wrote:
I'm running three relays. Is it necessary to list all three relays in my family on each relay?
Yes, please do list them all.
The first reason is that it helps clients make safe routing decisions: by signaling to the clients that these relays are all controlled by you, Tor clients can make sure not to use more than one of your relays in any of the paths they build.
The second reason is actually for *your* safety: if you are signaling to clients to avoid using more than one of your relays in their paths, then the temptation is lower for somebody to come hassle you into revealing data and/or watch your network connection.
And the third reason is to help everybody know which relays are really yours. We've had some problems over the past year with jerks trying to run harmful relays, and one of their tricks to stay hard to notice has been to find groups of relays that look like a family but that haven't set up their MyFamily lines properly, and try to blend in with those. So if you run three relays but don't set your MyFamily properly, we can't tell the difference between that and "you run two relays and some jerk is trying to blend their relay into your two".
Thanks for running relays!
(Oh. As Roman says in the other reply, technically there's no need to list yourself in your MyFamily line. That is, every relay is implicitly already in its own family. But for logistical reasons, it's probably easier to just use the same MyFamily line for all three relays.)
--Roger
Okay, then I have another question about MyFamily. Is the only correct format MyFamily fingerprint1,fingerprint2,fingerprint3 or can I put in: MyFamily #relay 1 fingerprint1 #relay 2 fingerprint2 #relay 3 fingerprint3
I end up with a file in the second format so I know which fingerprint is which, but then creating the comma separated one line format to put in the relays.
--Torix
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Monday, July 26th, 2021 at 6:41 AM, Roger Dingledine arma@torproject.org wrote:
On Sun, Jul 25, 2021 at 08:36:20AM -0500, Kathi wrote:
I'm running three relays. Is it necessary to list all three relays in
my family on each relay?
Yes, please do list them all.
The first reason is that it helps clients make safe routing decisions:
by signaling to the clients that these relays are all controlled by you,
Tor clients can make sure not to use more than one of your relays in any
of the paths they build.
The second reason is actually for your safety: if you are signaling to
clients to avoid using more than one of your relays in their paths, then
the temptation is lower for somebody to come hassle you into revealing
data and/or watch your network connection.
And the third reason is to help everybody know which relays are really
yours. We've had some problems over the past year with jerks trying to
run harmful relays, and one of their tricks to stay hard to notice has
been to find groups of relays that look like a family but that haven't
set up their MyFamily lines properly, and try to blend in with those. So
if you run three relays but don't set your MyFamily properly, we can't
tell the difference between that and "you run two relays and some jerk
is trying to blend their relay into your two".
Thanks for running relays!
(Oh. As Roman says in the other reply, technically there's no need to
list yourself in your MyFamily line. That is, every relay is implicitly
already in its own family. But for logistical reasons, it's probably
easier to just use the same MyFamily line for all three relays.)
--Roger
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On Tue, Jul 27, 2021 at 01:56:09PM +0000, torix wrote:
Okay, then I have another question about MyFamily. Is the only correct format MyFamily fingerprint1,fingerprint2,fingerprint3 or can I put in: MyFamily #relay 1 fingerprint1 #relay 2 fingerprint2 #relay 3 fingerprint3
I end up with a file in the second format so I know which fingerprint is which, but then creating the comma separated one line format to put in the relays.
According to the MyFamily entry in 'man torrc', you can do it either all on one line, or each on its own line. But in the 'each on its own line' case you still need to set MyFamily at the beginning of each line.
MyFamily fingerprint,fingerprint,... Declare that this Tor relay is controlled or administered by a group or organization identical or similar to that of the other relays, defined by their (possibly $-prefixed) identity fingerprints. This option can be repeated many times, for convenience in defining large families: all fingerprints in all MyFamily lines are merged into one list. When two relays both declare that they are in the same 'family', Tor clients will not use them in the same circuit. (Each relay only needs to list the other servers in its family; it doesn't need to list itself, but it won't hurt if it does.) Do not list any bridge relay as it would compromise its concealment.
If you run more than one relay, the MyFamily option on each relay must list all other relays, as described above.
Note: do not use MyFamily when configuring your Tor instance as a bridge.
There is even a third option, where you end each line with a backslash, which tells Tor that these multiple lines are actually just one long line:
To split one configuration entry into multiple lines, use a single backslash character () before the end of the line. Comments can be used in such multiline entries, but they must start at the beginning of a line.
I.e. you could use your above approach with one fingerprint per line, without saying MyFamily on each one of them, if you added a backslash at the end of each fingerprint.
--Roger
tor-relays@lists.torproject.org
-
Kathi -
Roger Dingledine -
Roman Mamedov -
tor@nullvoid.me -
torix