On Fri, Apr 13, 2007 at 03:24:40PM +0700, Vlad SATtva Miller wrote:

...However none of the mentioned below router nicknames or fingerprints was found in the current local cache file.

...snip...

A group of 9 Tor routers also functioning overtly or indirectly as Tor exit nodes have been observed colluding on the public Tor network.

Yeah. This happened in mid 2006. I don't know why some random person just picked it up now. We (mainly Steven Murdoch and Richard Clayton) tracked down the fellow running them. It turned out to be an innocent mistake. He's still running quite a few, on the same network, but now he sets the MyFamily torrc option on them. This issue also prompted us to speed up the fix/feature in 0.1.2.1-alpha: "Automatically avoid picking more than one node from the same /16 network when constructing a circuit." http://archives.seul.org/or/talk/Aug-2006/msg00300.html

Collusion was definitively established by the following method:

For a more interesting (and more conclusive imo) method of deciding they're the same, check out slide 28 in Steven's slides from his CCS paper and 23C3 talk, where he investigated these servers: http://www.cl.cam.ac.uk/~sjm217/talks/ccc06hotornot.pdf --Roger ----- End forwarded message -----