Pinned post

You can find the recording of my rC3 talk "Towards a more Trustworthy Tor Network" in English and German (interpreted) and subtitles
at
media.ccc.de/v/rc3-2021-chaoss

There are currently still over 1100 tor relays running version 0.4.6.x, which is about to reach its end of life on 2022-08-01.

nusenu.github.io/OrNetStats/#t

bridge ContactInfos can now also be protected using an Authenticated Relay Operator ID (AROI), the same fields as for relays apply.

nusenu.github.io/ContactInfo-I

The proof for bridges containing hashed fingerprints is published under this well-known URI:

https://-your-hostname-/.well-known/tor-relay/hashed-bridge-rsa-fingerprint.txt

Want to learn about the largest tor bridge operators on the network or find out how large your set of bridges is compared to others?

Here is a new OrNetStats feature for you:
nusenu.github.io/OrNetStats/#b

Looks like we will never see HSTS preloading to protect us against sslstrip attacks on *.torproject.net websites.

gitlab.torproject.org/tpo/tpa/

So lets hope forum.torproject.net migrates to forum.torproject.org soon.

This move will protect tor users against sslstrip attacks because the .org domain has HSTS preloading enabled.

Enabling HSTS preloading on a domain protects their users from sslstrip type of attacks.

Here is the gitlab issue to enable HSTS preloading on torproject.net:

gitlab.torproject.org/tpo/tpa/

If you are operating tor relays using ansible-relayor you should monitor your relay's key expiry to avoid outages due to expired keys.

Here is a tor MetricsPort feature request I just submitted for you, so it should be easier to monitor key expiry in the future:
gitlab.torproject.org/tpo/core

Reminder: when you forget to renew the online keys, tor will shutdown eventually.

And an older related MetricsPort feature request:
gitlab.torproject.org/tpo/core

Someone triggered a Tor Sybil attack detection today, but thanks to their properly configured Authenticated Relay Operator ID we know it is CCC Stuttgart setting up their 48 shiny new tor exit instances - and NOT someone impersonating them 👍

Congratulations @cccs and thanks for using a state of the art secure OfflineMasterKey setup to protect your relay keys!

A trusted organization setup their new Authenticated Relay Operator ID today:
Welcome www.cccs.de - CCC Stuttgart @cccs

the tor-talk mailing list will soon be a thing of the past.

The replacement - the Tor forum - stores your IP address for "no more than 5 years" according to their privacy policy.

Not what I would expect from a privacy focused project.

Reminder: tor 0.3.5 reaches it's end of life on 2022-02-01 (in 3 weeks from now).

Over 700 relays - about 7% of the network's guard capacity
currently still run this soon unsupported tor version.

relayor v22.1.0-rc has been released with MetricsPort security improvements and a new ops monitoring feature: blackbox_exporter scrape config generation.

This feature allows tor relay operators to monitor the reachability of all their relays' OrPort/DirPorts on IPv4 and IPv6.

The next stable relayor release will come with a guide on how to use all the new prometheus integrations in relayor.

I also enabled Discussions on the GitHub repository.

github.com/nusenu/ansible-rela

You can find the recording of my rC3 talk "Towards a more Trustworthy Tor Network" in English and German (interpreted) and subtitles
at
media.ccc.de/v/rc3-2021-chaoss

relayor v22.0.0-rc has been released with MetricsPort (prometheus) support improvements and support for the new tor alpha debian repositories shipping tor 0.4.7.x.

github.com/nusenu/ansible-rela

Great to see torservers.net has joined the tor relay operators with an Authenticated Relay Operator ID (AROI)

nusenu.github.io/OrNetStats/to

the operator florentius.net is also on the graph and has been removed from the tor network by tor directory authorities

Show thread

New graph on OrNetStats:
Top Tor Relay Contributors by AROI since 2019-01-01

Unlike other graphs that are mostly snapshots of current values this shows total accumulated consensus weight.

nusenu.github.io/OrNetStats/#t

Upcoming Presentation:

Towards a more Trustworthy Tor Network

when: 2021-12-28, 17:00 CET
where: Chaosstudio Hamburg streaming.media.ccc.de/rc3/csh

primary target audience:
- Tor users
- Tor relay operators
- onion service operators
- and everyone that cares about Tor

Show older
Mastodon

The original server operated by the Mastodon gGmbH non-profit