Am So., 23. Feb. 2020 um 01:55 Uhr schrieb teor <t...@riseup.net>: > Hi, > > I've gone a few emails back up the thread, because the risk > analysis is missing some really important factors. > > And just some reminders: > > Some users depend on the tor network for their safety. > > Relay operators take some risks, but we do our best to > reduce those risks. > > MyFamily is about user and operator safety. We pay more > attention to arguments based on safety. > > On 22 Feb 2020, at 23:02, Michael Gerstacker < > michael.gerstac...@googlemail.com> wrote: > > > So for what reason do i set the MyFamily option beside making a Hidden >> > Service Guard discovery attack more easy? >> >> - risk reduction for tor users >> MyFamily declarations allow the tor client software to automatically >> detect relay families when creating circuits to >> avoid using multiple relays from the same operator in a single circuit. >> > > This should not matter if the operator is not malicious and like i already > said an malicious operator will not use the same contact info or relay name. > > - reducing the risk for tor users that might become victims if some >> operator gets compromized (with all its relays) >> > > This is a reason i can understand. > Not sure how much that would really help in practice but i can understand > it. > > > In practice, relay operators become targets for compromise > when they don't set MyFamily. Because those relays can be > used to attack a Tor users. > > If relay operators correctly set MyFamily, then an attacker > needs to compromise multiple operators to see a single > user's traffic. > > In this case, it doesn't matter if the operator is malicious. >
Understood. So for example if someone compromise multiple of my relays without me noticing it and installs software on them (or the providers network) to do a traffic correlations attack i am a less interesting target when i have set MyFamily. Another benefit of a proper MyFamily setting in this case would be that he first would need to remove the MyFamily to see any interesting traffic which i would most likely realize faster than without a proper MyFamily setting. This is indeed something what makes me very uncomfortable because it would be my fault if someones privacy would get affected by this. > - transparency >> Every relay operator should declare their relay group to allow everybody >> to measure their network fraction (Sybil detection). >> > > Should... > But i understand this one too. > But as long as my family is still a small one with only one exit compared > to others i am not a Sybil attack risk and even if i would would i get any > special treatment then? > > > It doesn't matter how small your relays are. Some clients > will choose your relays as guards. You're putting those > users in danger. > I understand this one as related to the first one. > - risk reduction for relay operators >> MyFamily also provides risk reduction for operators since they are less >> valuable as an attack target >> if they can not technically be used for e2e correlation attacks >> > > I think this is similar to your first point but i think that should be the > operators choice if he want to take steps against this case. > > > There's also a network effect here. If almost all operators > set MyFamily, then the Tor Network becomes a less > valuable target for attacks. So attackers use other > methods, like attacking Tor Browser, or offline attacks. > > But if a lot of operators don't set MyFamily, then attackers > develop tools and techniques to attack the network. Then > they can repeat these attacks easily whenever they get a > new target. I guess you could call that a market effect. > Understood. > So if you're not going to set MyFamily for yourself, do it for > Tor users, and do it for Luther relay operators. > Will try to do it tomorrow. > We prioritise the safety of users and relay operators here. > > T > _______________________________________________ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
