HF posted:
https://www.hackerfactor.com/blog/index.php?/categories/19-Tor
https://twitter.com/hackerfactor/status/1341164309095694336

"my years of previous interactions with the Tor Project had been met with everything from silence to outright hostility. ... With no vendor response, I escalated to a blog series about Tor's vulnerabilities. ... The Tor Project went on the defensive, trying to mitigate the risks called out in my previous two blog entries. ... For the goal of getting them to fix something, anything, this project failed. However, I ended up learning much more about the Tor Project... -- HF"
grarpamp posted:
Another 600++ were removed in September. Estimate 25-50% of all nodes are adversarial.
JDB posted:
Over 25% Of Tor Exit Relays Are Spying On Users' Dark Web Activities
https://thehackernews.com/2021/05/over-25-of-tor-exit-relays-are-spying.html
https://nusenu.medium.com/tracking-one-year-of-malicious-tor-exit-relay-acti...

Tor network has been infested with bad nodes for ~20 years ever since inception [1].

Tor Project and "community" were suggested many times to create some new userland mindsets on risk, independent outside node analysis groups and node cooperations, new available options for users and usage... allowing users to plugin various externally maintained node selection metrics and subscriptions including based on creating various WoT's of nodes. Tor Project quietly never bothered to make discuss or help promote those distributed assertion/usage models further.

Instead they still limit scope to central blocking now 1000 of obviously malicious bad nodes a month, while leaving users hanging subjected to a large percent of undetect[ed/able] bad nodes (including TA middles/guards modulators), many of which have been around for nearly as many years, and making press releases about how their blocking is keeping users safe. Are now pushing contact field labeling as a non-solution that does nothing (because the malactors do the labeling, sheep meet wolf, lol).

Tor Project still takes quiet inflection that it protects users, advertises tor is stronger than it is, and users should accept and use their pontifically safe design and relays on faith, and not raise counterpoint question critique expo[s/$]e or options for user benefit, else posters be censored from Tor comms channels and people kicked from project and areas. Plus extra boot for those maintaining independence from wokeism.

"Tor Stinks -- NSA"

[1] Just a fraction of all the nodes blocked this month alone...
https://lists.torproject.org/pipermail/tor-relays/2021-May/019644.html
Another partial list...
https://gitlab.torproject.org/tpo/network-health/team/-/wikis/Rejected-finge...

New overlay network designs and operations need to arise, and from places far from involved in Tor Project.