Re: [tor-relays] Possible problem with NYX

2018-09-05 Thread Damian Johnson
> There are so many edge cases for this check.
>
> Flags are a *recommendation* to clients. They don't force clients
> to behave a certain way.
>
> For example:
> * clients connecting via bridges can use a middle node as their
> second hop. These middle nodes will leak bridge addresses via nyx.
>

Re: [tor-relays] Possible problem with NYX

2018-09-04 Thread teor
> On 5 Sep 2018, at 02:36, Damian Johnson wrote:
>
> Nyx's 'should this be scrubbed' check is pretty simple [1].
> Inbound addresses are scrubbed if...
>
> 1. You're configured to accept user traffic (ie. you set BridgeRelay
> in your torrc or have received the Guard flag). [2]

There are so man

Re: [tor-relays] Possible problem with NYX

2018-09-04 Thread arisbe
Thanks for this added info--it helps. On 9/4/2018 9:36 AM, Damian Johnson wrote: Hi arisbe. This isn't as concerning as you seem to think. As Nathaniel mentions it's simple to get this information, Nyx is simply attempting to scrub it cuz... well, it's ethically and legally the right thing to d

Re: [tor-relays] Possible problem with NYX

2018-09-04 Thread Damian Johnson
Hi arisbe. This isn't as concerning as you seem to think. As Nathaniel mentions it's simple to get this information, Nyx is simply attempting to scrub it cuz... well, it's ethically and legally the right thing to do. Nyx's 'should this be scrubbed' check is pretty simple [1]. Inbound addresses are

Re: [tor-relays] Possible problem with NYX

2018-09-03 Thread Nathaniel Suchy
You have to decide a balance of usefulness to a legitimate operator and privacy concerns. I could just as easily run Wireshark or TCPDump on my relays and get client IP Addresses that way. You are trusting most operators, like me, are the good guys. Of course a client IP isn’t very useful without a

[tor-relays] Possible problem with NYX

2018-09-03 Thread arisbe
Hello ops, Today I noticed something on NYX that I find disturbing. Page 2 (list of inbound/outbound connections) showed me the IP address of an inbound connection on one of my bridges! Not the authority. This is crazy as these are indicated as :port for the users' protection! I have never