Ethical Tor
coderman
coderman at gmail.com
Thu Nov 12 02:12:03 PST 2015
On 11/12/15, Mirimir <mirimir at riseup.net> wrote:
> ...
> Yes, it was subtle. But it was also, as I understand it, pointless
> except as an attack. And it was new behavior, right?
you would not believe the kinds of fucked up clients and relays that
participate in the Tor network! even the friendly implementations in
Java or Rust have at times failed in ways that look like an attack.
i don't think people appreciate the scale, complexity, and novelty of
activity in the Tor ecosystem.
> But still, it wasn't fair to say "ignored". They just didn't see it.
on this we concur :)
> ... I did note that they might have been blindsided by a zero
> day vulnerability.
0day happens! response is important, and Tor has always responded with
urgency and transparency in these situations.
>> how would you have spotted it?
>
> I'm not technical enough to answer that. But generally, I think that
> they ought to put more effort into monitoring. Especially for new
> relays. Look for anything unusual.
this is indeed a challenge!
not just for circuit behavior in general,
but also bad exit checking (which is usually bad upstream)
and suspicious cliques of relays.
proposals and patches welcome :)
best regards,
More information about the cypherpunks
mailing list