-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 > But bottom line, the Tor Project apparently did nothing with the > information.
Well, they apparently made (according to phw) an informed decision on which attacks they should be spending the little available resources. That is certainly more than doing 'nothing'. Philipp Winter explained the general situation quite clearly (without going into the specifics of the reported relays): > there are not enough people to keep up with all the work. The > little resources we have we tend to spend on more serious attacks. > That is not to say that traffic sniffing is harmless, but we are > forced to prioritise So if this does not match with ones assumptions and threat model it is probably good to adjust the threat model towards it. It is certainly better to always assume the presence of bad exits because it is impossible to detect them all, all the time, with no delay (and because even good exits have to route their packets through the "bad internet" to its final destination.) I'm _not_ saying that we should forget about the 'badexit' flag altogether because "we can't get hold of all of them anyway", but now we know more about the resources of those managing badexit flags and its implications. I find it more worrying that we do not "hear" about the 'more serious attacks' that keep them busy and don't allow them to look into i.e. 'AviatoChortler' (even after a few weeks). That might mean that there is a constant stream of 'more serious attacks' (without information I can only guess). -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJVl5N1AAoJEFv7XvVCELh03cIP/jgiCrg+YaUjtUv6GHv4dkA9 PF40d4HIDQ7XBeMTFezHC/m7xFUeF163vG1zE2I5sWKD3UFXEOaAgXF+GMC8YpSs 83P2ewv8Mc5oNHwnyK5J0hjnaksix1b/X+C0GG+YJ8QixBGqZQ+wBHaBpr7DWsrx bDlcOJB1tyUKl6wRiZWPEGWCJBVMb4CSLzBA3bRVwt6kJXAalC2UQmcmRs+iCj1l 5IUHTbhAl/uc2dLlUx4LeXooZCL6zolHO4u2/dYdzTpOjVVBOx0E6e9EMO3YC25i 5fTaJRWq2V+Va3yfhIQWTQPAkEglbtxfThPidUaKTiWP6j3/70eYSoz5gdM3KwO5 Tm2PCuzgaLRsqd+tqBWnr0EXq5R/TQWsreYpbXwH5SpRUyGg/COELh8wRvYvRiUp +S/N1S38RwjV1I0cMyZvnDS5AFbqv6Jp9KzqyXFSGlS6mH2iJfDCH3211OjLbcpA XpqRzLrqTB4UELqbQkldqIS/aYqTxEb5L3PS4ZlzQG0BdGmYj8z1iI4r2BGjgjjD Zgx7TE2HNkwfgOp/0Lk067FgHcGaGRZMd+kF/KOn7+Yv25Lx9U7dQkd0EYRzT1og OrIloqAlHJgSLzsWrYZMRK7qVqQ/jyvfv/pXHmXUpqM3rFfozh1p4qjHuFZO9tx5 SknFJ0iiinZ+exe48ttc =0WMo -----END PGP SIGNATURE----- _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
