wiki:doc/potentiallyDangerousRelays

Contacts listed on this page have potentially end-to-end correlation capabilities because they lack proper MyFamily configuration and have a guard probability and exit probability > 0% according to https://onionoo.torproject.org

Operator Contact Info contacted on
nick AT calyx dot com 2015-03-28
admin AT tor.noisebridge.net 2016-11-14

https://raw.githubusercontent.com/ornetstats/stats/master/o/potentially_dangerous_relaygroups.txt (updated once a day)

Why are they potentially dangerous?

An entity that can see tor clients connecting to a entry relay (also known as guard relay) and leaving the tor network via an exit relay can identify the real IP address of source (the tor client) and the destination.

Why just "potentially"?

Since ContactInfo is not authenticated in any way anyone can set it to an arbitrary value and therefore false-positives are possible. (Operators can get relays removed from the network if they use their ContactInfo by reaching out to ReportingBadRelays)

What can relay operators do to help protect tor clients?

Tor relay operators can set the MyFamily parameter in their torrc if they run more than one relay, to tell tor clients that they should not use more than one of them in a single circuit.

Last modified 12 months ago Last modified on Jan 29, 2017, 9:26:51 AM