[tor-relays] Recent rejection of relays

mpan tor-1qnuaylp at mpan.pl
Thu Nov 11 14:24:15 UTC 2021


> 1. Asking all relay operators to list their email addresses in the public relay list is largely equivalent to asking them to invite tens of thousands of spam emails into their inboxes and having to either ignore most of them or set up aggressive filtering rules which can easily bounce legitimate messages. This also opens up a convenient channel for "adversaries" to harass or even coerce the relay operators.
   Contact info isn’t limited to email. CIISS currently allows⁽¹⁾ even a 
Twitter account or an XMPP JID, and in required fields you may provide a 
home page URL instead of a plain email.

   However, email addresses exposed that was see nearly no spam. While I 
see the issue and I am happy there are other options, in the current 
state of affairs I am less concerned about publishing the email address 
in my ContactInfo than revealing it in this particular message. Neither 
is very attractive to spammers, but the latter may trigger some people 
to spam me to just prove how wrong I am.

> 2. Middle relays can be used for attacking and the only defense being "list your email addresses or else we'll kick you out" throws a sizable wretch into the credibility and technical soundness of the whole project. If the "adversaries" are capable of de-anonymize tor users by simply running a middle relay that by design knows neither the real sources nor the real destinations of the traffic through it, I wonder how hard would it be for them to set up an email address?
   You are assuming those are adversaries, who do that intentionally. 
Instead of nodes being misconfigured and their operators not reachable 
to resolve the issues.

   For adversaries it is a noticeable cost. Deploying 500 nodes is cheap 
and automatic. Hiring people, to respond to email in a manner that 
doesn’t instantly reveal they are call center drones, is having neither 
of those properties.
____
⁽¹⁾ https://nusenu.github.io/ContactInfo-Information-Sharing-Specification/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 495 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20211111/c4cfdeff/attachment.sig>


More information about the tor-relays mailing list