Pinned toot

a story about a huge malicious tor exit operation:

Blog: "How Malicious Tor Relays are Exploiting Users in 2020 (Part I)
>23% of the Tor network’s exit capacity has been attacking Tor users"

relayor - the ansible role for Tor relay operators - v21.0.0 is released.

This release solves the expired debian GPG key.

There are already over 20 Tor relay operators (>200 relays, > 10% exit capacity) that make use of the
tor ContactInfo information sharing specification (CIISS) to get some group wide graphs generated for their relays:

Bellow is shown a sample graph by one of them:

New feature added to OrNetStats:

Tor operator graphs, showing aggregated bandwidth and guard/exit fractions over time.

I'm happy to announce version 2 of the Tor ContactInfo Information Sharing Specification.

It comes with an easy to use ContactInfo generator, which is maintained by Eran Sandler:

relayor v20.1.0 is released.

It contains a bugfix, for corner cases where the new tor configuration would not be used.

relayor users are encouraged to update to this release.

* bugfix: restart tor instead of reloading it when configuration changed (reloading is not supported by tor in all cases)
* make tor_ContactInfo variable mandatory
* update tor alpha version: 0.4.3 -> 0.4.4
* add support for FreeBSD 11.4
* increase min. ansible version to 2.9.12

Since the Tor directory authorities are no longer removing such relay groups and I feel bad about sitting on this list without doing anything with it I'm posting it here for your information.

This is a set of over 600 Tor relays that got added since 2020-01-29 on a limited set of hosters (primarily at Microsoft).
They have some similarities in their sign-up pattern and properties.

total guard probability: 3.6%
total middle probability: 10.1%
(no exit relays)

This time the malicious Tor relays (same entity) got caught intercepting traffic to

published by

In my recent blog post I mentioned that the Tor network attacker likely still runs >10% of the networks exit capacity.

Some of of them got confirmed yesterday and their actual fraction was likely even bigger than ">10%" at the time.

Two weeks ago they didn't exist, today they are by far the biggest guard relay operator on the Tor network.

Yet another OVH-based no-name relay group:

The Tor network is changing these days, changing fast.

Take care.

a story about a huge malicious tor exit operation:

Blog: "How Malicious Tor Relays are Exploiting Users in 2020 (Part I)
>23% of the Tor network’s exit capacity has been attacking Tor users"

I'm aiming to generate some Tor network graphs that show attributable network fraction over time.
Would you like to contribute your tor relay capacity to these graphs?

Help me attributing your relays by using ContactInfo/operatorurl and verifyurl fields:

I'm happy to announce version 1 of the Tor ContactInfo Information Sharing Specification

ContactInfo generator website:
torcontactinfogenerator.netlif (thanks to Eran)

relayor v20.0.2 got released

added support for OpenBSD 6.7 and Ubuntu 20.04

The Tor Project will release updated versions of tor to fix multiple denial-of-service vulnerabilities affecting relays and clients.

Today is a big day for the Tor network, in many ways.
The biggest exit operator moved to a new (and upstream wise better) place.

On 2020-03-25 another tier1 transit provider will drop RPKI invalid BGP announcements: NTT/AS2914

You can check if you are affected by visiting the RPKI Observatory

In the first two months of 2020 the Tor network has seen more potential Sybil attacks than in the entire 3 years before 2020.

Onion v3 services are a lot safer than onion v2 services.

One of the main reasons why onion v3 services haven't seen much adoption by large scale sites is the missing support for onionbalance. This is about to change.

If you want to help test onionbalance for v3 onion services:

The Tor directory authorities are affected by what looks like a small scale distributed denial of service attack.

Tor developers are preparing and testing patches to separate legitimate directory requests from non-tor software based requests.

Show older

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!