> PHASE-4: Full Public Disclosure I would strongly object to publishing any data that is node specific/identifiable. Admins deal with background traffic and pro crackers every day. But we don't need people throwing up targets for the sort of chantards that inhabit Tor to simply launch their useless scripts against 4tehlulz.
Also, dropping insecure nodes won't do much but remove useful nodes... 'evil' entities will want to deploy tamper proof nodes. (Discovering subgroups of fingerprints across the node set would be interesting...) Given the trivial cost for such entities to run said nodes, we actually need every user's node as defense, regardless of who happens to 0wn it or not at the moment. Two useful things to do are: - collect and publish aggregated stats. no different than any other security or network research project. - provide a scan service for those who come to you for it. much like remote uptime monitoring services do. _______________________________________________ tor-talk mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
