#tor-relays

prplcdclnw@diasp.eu

Bad Tor Relays

Tracking down the source for this allegation.

It started with a post from Schneier on his blog. I get this as a news feed. https://www.schneier.com/blog/archives/2021/12/someone-is-running-lots-of-tor-relays.html

Schneier links to this. https://therecord.media/a-mysterious-threat-actor-is-running-hundreds-of-malicious-tor-relays/

That led to Nusenu, and just a little more work led to what I think is the ultimate source.

https://nusenu.medium.com/is-kax17-performing-de-anonymization-attacks-against-tor-users-42e566defce8


Summary
- A mysterious actor which we gave the code-name KAX17 has been running large fractions of the tor network since 2017, despite multiple attempts to remove them from the network during the past years.
- KAX17 has been running relays in all positions of a tor circuit (guard, middle and exit) across many autonomous systems putting them in a position to de-anonymize some tor users.
- Their actions and motives are not well understood.
- We found strong indicators that a KAX17 linked email address got involved in tor-relays mailing list discussions related to fighting malicious relays.
- Detecting and removing malicious tor relays from the network has become an impractical problem to solve.
- We presented a design and proof of concept implementation towards better self-defense options for tor clients to reduce their risk from malicious relays without requiring their detection.
- Most of the tor network’s exit capacity (>50%) supports that design already. More guard relays adopting the proven domain are needed (currently at around 10%).

#tor #tor-relay #tor-relays #privacy #security #surveillance #spying #tor-network #threat-actor #kax17