Pinned post

You can find the recording of my rC3 talk "Towards a more Trustworthy Tor Network" in English and German (interpreted) and subtitles

There are currently still over 1100 tor relays running version 0.4.6.x, which is about to reach its end of life on 2022-08-01.

bridge ContactInfos can now also be protected using an Authenticated Relay Operator ID (AROI), the same fields as for relays apply.

The proof for bridges containing hashed fingerprints is published under this well-known URI:


Want to learn about the largest tor bridge operators on the network or find out how large your set of bridges is compared to others?

Here is a new OrNetStats feature for you:

Looks like we will never see HSTS preloading to protect us against sslstrip attacks on * websites.

So lets hope migrates to soon.

This move will protect tor users against sslstrip attacks because the .org domain has HSTS preloading enabled.

Enabling HSTS preloading on a domain protects their users from sslstrip type of attacks.

Here is the gitlab issue to enable HSTS preloading on

If you are operating tor relays using ansible-relayor you should monitor your relay's key expiry to avoid outages due to expired keys.

Here is a tor MetricsPort feature request I just submitted for you, so it should be easier to monitor key expiry in the future:

Reminder: when you forget to renew the online keys, tor will shutdown eventually.

And an older related MetricsPort feature request:

Someone triggered a Tor Sybil attack detection today, but thanks to their properly configured Authenticated Relay Operator ID we know it is CCC Stuttgart setting up their 48 shiny new tor exit instances - and NOT someone impersonating them 👍

Congratulations @cccs and thanks for using a state of the art secure OfflineMasterKey setup to protect your relay keys!

A trusted organization setup their new Authenticated Relay Operator ID today:
Welcome - CCC Stuttgart @cccs

the tor-talk mailing list will soon be a thing of the past.

The replacement - the Tor forum - stores your IP address for "no more than 5 years" according to their privacy policy.

Not what I would expect from a privacy focused project.

Reminder: tor 0.3.5 reaches it's end of life on 2022-02-01 (in 3 weeks from now).

Over 700 relays - about 7% of the network's guard capacity
currently still run this soon unsupported tor version.

relayor v22.1.0-rc has been released with MetricsPort security improvements and a new ops monitoring feature: blackbox_exporter scrape config generation.

This feature allows tor relay operators to monitor the reachability of all their relays' OrPort/DirPorts on IPv4 and IPv6.

The next stable relayor release will come with a guide on how to use all the new prometheus integrations in relayor.

I also enabled Discussions on the GitHub repository.

You can find the recording of my rC3 talk "Towards a more Trustworthy Tor Network" in English and German (interpreted) and subtitles

relayor v22.0.0-rc has been released with MetricsPort (prometheus) support improvements and support for the new tor alpha debian repositories shipping tor 0.4.7.x.

Great to see has joined the tor relay operators with an Authenticated Relay Operator ID (AROI)

the operator is also on the graph and has been removed from the tor network by tor directory authorities

Show thread

New graph on OrNetStats:
Top Tor Relay Contributors by AROI since 2019-01-01

Unlike other graphs that are mostly snapshots of current values this shows total accumulated consensus weight.

Upcoming Presentation:

Towards a more Trustworthy Tor Network

when: 2021-12-28, 17:00 CET
where: Chaosstudio Hamburg

primary target audience:
- Tor users
- Tor relay operators
- onion service operators
- and everyone that cares about Tor

Show older

The original server operated by the Mastodon gGmbH non-profit