a story about a huge malicious tor exit operation:

Blog: "How Malicious Tor Relays are Exploiting Users in 2020 (Part I)
>23% of the Tor network’s exit capacity has been attacking Tor users"

medium.com/@nusenu/how-malicio

Another major tor exit relay operator (running 65 tor exit relays) implemented the verified url field of the contactinfo spec to help fight false-friends and operator impersonation attacks:
nusenu.github.io/OrNetStats/hy

>25% of tor's exit capacity has joined this effort so far:
nusenu.github.io/OrNetStats/ex

specification:
nusenu.github.io/ContactInfo-I

Reminder: tor 0.4.4 reached end of life on 2021-06-15.
Over 1000 relays and about 20% of the network capacity runs an unsupported version of tor.

Upgrade your tor relays for a more resilient tor network.

nusenu.github.io/OrNetStats/#e

someone sent me this:

the Security Now podcast features the blog posts about malicious tor exit relay activities

twit.tv/shows/security-now/epi
(starting at 41min30)

Do not take this as an endorsement. I do not share their opinion wrt VPN.

With the release of today's blogpost come also new OrNetStats graphs and I'm particularly excited to see more operators set a non-spoofable ContactInfo - shown on this graph:

nusenu.github.io/OrNetStats/ex

The Tor network has seen over 1000 new exit relays at OVH. Not the kind of relays that you want to use.

lists.torproject.org/pipermail

Want to help unmask malicious tor relays that perform impersonation attacks?

use a non-spoofable contactinfo on your tor relay:

1) add the protected fields to your torrc ContactInfo:
"url:<your domain> proof:uri-rsa ciissversion:2"
2) publish your set of relay fingerprints under https://<your domain>/.well-known/tor-relay/rsa-fingerprint.txt

Don't have a domain? use github pages or similar instead.

Thanks to over 320 tor relays for using non-spoofable contactInfos already.
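The check that the two steps above make possible, as an added example (not code from the post or from the CIISS project): a relay that copies an operator's ContactInfo string fails verification because its fingerprint is missing from the list on the operator's domain. The function names, the `fetch` callable standing in for an HTTPS GET, example.org and both fingerprints are constructed; the file format (one 40-hex-character fingerprint per line, other lines ignored) is an assumption.

```python
import re
from urllib.parse import urlsplit

PROOF_PATH = "/.well-known/tor-relay/rsa-fingerprint.txt"
FP_RE = re.compile(r"[0-9A-Fa-f]{40}")

def parse_contactinfo(contact):
    """Split a ContactInfo string into its space-separated key:value fields."""
    fields = {}
    for token in contact.split():
        key, sep, value = token.partition(":")
        if sep and value:
            fields.setdefault(key, value)  # first occurrence wins
    return fields

def proof_url(fields):
    """Return the https URL that must list the relay, or None if not checkable."""
    if fields.get("proof") != "uri-rsa" or fields.get("ciissversion") != "2":
        return None
    url = fields.get("url", "")
    host = urlsplit(url if "://" in url else "https://" + url).hostname
    return f"https://{host}{PROOF_PATH}" if host else None

def check_relay(contact, fingerprint, fetch):
    """Classify a relay as 'verified', 'mismatch' or 'unverifiable'."""
    url = proof_url(parse_contactinfo(contact))
    if url is None:
        return "unverifiable"
    body = fetch(url)  # text of the published file, or None if unavailable
    if body is None:
        return "unverifiable"
    listed = {l.strip().upper() for l in body.splitlines()
              if FP_RE.fullmatch(l.strip())}
    return "verified" if fingerprint.upper() in listed else "mismatch"

# Constructed sample data (assumptions): domain, fingerprints and file body.
OPERATOR_FP = "A" * 40
IMPOSTER_FP = "B" * 40
CONTACT = "email:noc[]example.org url:example.org proof:uri-rsa ciissversion:2"
SITE = {"https://example.org" + PROOF_PATH: "# my relays\n" + OPERATOR_FP + "\n"}

if __name__ == "__main__":
    for fp in (OPERATOR_FP, IMPOSTER_FP):
        print(fp[:8], check_relay(CONTACT, fp, SITE.get))
    print(check_relay("url:example.org", OPERATOR_FP, SITE.get))
```

A "mismatch" result means the relay claims a domain that does not list it, which is either an impersonation attempt or a fingerprint list the operator has not updated yet.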

relayor - the ansible role for Tor relay operators - v21.0.0 is released.

This release solves the expired debian GPG key.

github.com/nusenu/ansible-rela

There are already over 20 Tor relay operators (>200 relays, >10% exit capacity) that make use of the tor ContactInfo information sharing specification (CIISS) to get some group wide graphs generated for their relays:
nusenu.github.io/OrNetStats/in

Below is shown a sample graph by one of them:

New feature added to OrNetStats:

Tor operator graphs, showing aggregated bandwidth and guard/exit fractions over time.

I'm happy to announce version 2 of the Tor ContactInfo Information Sharing Specification.

nusenu.github.io/ContactInfo-I

It comes with an easy to use ContactInfo generator, which is maintained by Eran Sandler:
torcontactinfogenerator.netlif

relayor v20.1.0 is released.

It contains a bugfix, for corner cases where the new tor configuration would not be used.

relayor users are encouraged to update to this release.

changes:
* bugfix: restart tor instead of reloading it when configuration changed (reloading is not supported by tor in all cases)
* make tor_ContactInfo variable mandatory
* update tor alpha version: 0.4.3 -> 0.4.4
* add support for FreeBSD 11.4
* increase min. ansible version to 2.9.12

github.com/nusenu/ansible-rela

Since the Tor directory authorities are no longer removing such relay groups and I feel bad about sitting on this list without doing anything with it I'm posting it here for your information.

This is a set of over 600 Tor relays that got added since 2020-01-29 on a limited set of hosters (primarily at Microsoft).
They have some similarities in their sign-up pattern and properties.

total guard probability: 3.6%
total middle probability: 10.1%
(no exit relays)

github.com/nusenu/tor-network-

This time the malicious Tor relays (same entity) got caught intercepting traffic to changenow.io

published by twitter.com/notdan/status/1295

In my recent blog post I mentioned that the Tor network attacker likely still runs >10% of the networks exit capacity.

Some of them got confirmed yesterday and their actual fraction was likely even bigger than ">10%" at the time.

lists.torproject.org/pipermail

Two weeks ago they didn't exist, today they are by far the biggest guard relay operator on the Tor network.

Yet another OVH-based no-name relay group:
nusenu.github.io/OrNetRadar/20

The Tor network is changing these days, changing fast.

Take care.
