Re: [Fwd: High-traffic Colluding Tor Routers in Washington, D.C. Confirmed]
On Fri, Apr 13, 2007 at 03:24:40PM +0700, Vlad SATtva Miller wrote:
...However, none of the router nicknames or fingerprints mentioned below was found in the current local cache file.
-------- Original Message --------
Subject: High-traffic Colluding Tor Routers in Washington, D.C. Confirmed
Date: Thu, 12 Apr 2007 23:35:52 -0400
From: Nostra2004@Safe-mail.net
To: cypherpunks@jfet.org
A group of 9 Tor routers also functioning overtly or indirectly as Tor exit nodes have been observed colluding on the public Tor network.
Yeah. This happened in mid 2006. I don't know why some random person just picked it up now. We (mainly Steven Murdoch and Richard Clayton) tracked down the fellow running them. It turned out to be an innocent mistake. He's still running quite a few, on the same network, but now he sets the MyFamily torrc option on them. This issue also prompted us to speed up the fix/feature in 0.1.2.1-alpha: "Automatically avoid picking more than one node from the same /16 network when constructing a circuit." http://archives.seul.org/or/talk/Aug-2006/msg00300.html
Collusion was definitively established by the following method:
For a more interesting (and more conclusive imo) method of deciding they're the same, check out slide 28 in Steven's slides from his CCS paper and 23C3 talk, where he investigated these servers: http://www.cl.cam.ac.uk/~sjm217/talks/ccc06hotornot.pdf

--Roger

----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
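An added example, not part of the original message and not Tor's own code: a simplified check of the two constraints the reply mentions, the /16 rule and MyFamily, applied to candidate circuits. The relay names, addresses and function names are constructed for illustration; families are honored only when both relays list each other, and real path selection is additionally ordered and bandwidth-weighted, which this sketch ignores.

```python
import ipaddress
from itertools import combinations

# Constructed sample relays: names and addresses are illustrative only.
RELAYS = {
    "r1": {"ip": "198.51.100.10", "family": set()},
    "r2": {"ip": "198.51.100.77", "family": set()},   # same /16 as r1
    "r3": {"ip": "192.0.2.5",     "family": {"r4"}},  # mutual family with r4
    "r4": {"ip": "203.0.113.9",   "family": {"r3"}},
    "r5": {"ip": "10.1.0.5",      "family": {"r1"}},  # one-sided claim on r1
}

def slash16(ip):
    """Return the /16 network that contains the given IPv4 address."""
    return ipaddress.ip_network(f"{ip}/16", strict=False)

def same_family(a, b, relays):
    """A family link counts only if each relay lists the other."""
    return b in relays[a]["family"] and a in relays[b]["family"]

def conflicts(path, relays):
    """List every pair of relays in `path` that violates a constraint."""
    found = []
    for a, b in combinations(path, 2):
        if slash16(relays[a]["ip"]) == slash16(relays[b]["ip"]):
            found.append((a, b, "same /16"))
        elif same_family(a, b, relays):
            found.append((a, b, "family"))
    return found

def valid_paths(relays, hops=3):
    """Enumerate unordered relay sets of size `hops` with no conflicts."""
    return [p for p in combinations(sorted(relays), hops)
            if not conflicts(p, relays)]

if __name__ == "__main__":
    for path in combinations(sorted(RELAYS), 3):
        print(path, conflicts(path, RELAYS) or "ok")
```
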
participants (1): Roger Dingledine