nusenu/2017-10-28 improving "bad-relays@"

## 2017-10-28 improving "bad-relays@"
Subject: [bad-relays] improving "bad-relays@"
Date: Sat, 28 Oct 2017
From: nusenu
To: bad-relays@lists.torproject.org

Hi,

[ this is NOT a report about a bad relay on the tor network ]

I was not sure where to send this email with suggestions for
improvements so I decided to send it to bad-relays@ directly because
that way it reaches the most relevant people (the subscribers of the list).

Since I'm a subscriber myself now, I feel somewhat obliged (to try) to
improve the current situation.

Problem Description

1)
Issues for a bad-relays reporter (external)
--------------------------------------------

This is from my personal experience as someone who sent a report to
bad-relays in the past (as non-subscriber) and from looking at past
bad-relays@ emails from the archive.
As a subscriber (now) I think I somewhat understand the reasons for this
problem a bit.

(most reports come from subscribers themselves but maybe we can improve
to get more external reports)

a) lacking feedback
- If someone reports something to bad-relays@ they might never get a
feedback.
- Reporter do NOT know
	- if their email got to the right people
	- if their report was useful
	- if the offending relays were removed from the tor network

With no feedback they might never report to bad-relays@  again.

suggestions:
- maybe use a ticketing system like the help desk? (
https://rt.torproject.org/ )
- automatically assign a ticket number and send an auto-reply with
ticket number and approximately expected response time
- provide the reporter with feedback
- close the ticket once the report has been acted upon or flagged as
invalid/not reproducible


b)
- reporter gets replies from non-torproject.org senders?

If I send a report to bad-relays@lists.torproject.org
and get a reply from ...@gmail.com, ...@riseup.net, ...@randomdomain.com
- that feels somewhat confusing, unexpected and does not inspire trust.

suggestion:
- I assume RT would work also for this issue


2)
issues for me as a bad-relays subscriber
-----------------------------------------

a) no info/feedback if and when a report has been acted upon (at all)


suggestion:
- I assume RT would work also for this issue (ticket gets closed when it
has been acted upon or rejected)


b) lots of spam in the ML archive (more than ham) -> Can I help
removing all that spam from the archive?


Misc.
---------------
- Is my assumption correct that you have _automated_ exit scans in place
for new exit relays? (otherwise I would work on something like that)

- Do your exit scanners check if their probes are rerouted through
other exits?

- We should support encrypted submissions

- We should use something better than IRC
(end-to-end encryption)

[ I'll stop here because other points are less important and should not
take away resources from more important ones ]


regards,
nusenu
	Subject: [bad-relays] improving "bad-relays@"
	Date: Sat, 28 Oct 2017
	From: nusenu
	To: bad-relays@lists.torproject.org

	Hi,

	[ this is NOT a report about a bad relay on the tor network ]

	I was not sure where to send this email with suggestions for
	improvements so I decided to send it to bad-relays@ directly because
	that way it reaches the most relevant people (the subscribers of the list).

	Since I'm a subscriber myself now, I feel somewhat obliged (to try) to
	improve the current situation.

	Problem Description

	1)
	Issues for a bad-relays reporter (external)
	--------------------------------------------

	This is from my personal experience as someone who sent a report to
	bad-relays in the past (as non-subscriber) and from looking at past
	bad-relays@ emails from the archive.
	As a subscriber (now) I think I somewhat understand the reasons for this
	problem a bit.

	(most reports come from subscribers themselves but maybe we can improve
	to get more external reports)

	a) lacking feedback
	- If someone reports something to bad-relays@ they might never get a
	feedback.
	- Reporter do NOT know
	- if their email got to the right people
	- if their report was useful
	- if the offending relays were removed from the tor network

	With no feedback they might never report to bad-relays@ again.

	suggestions:
	- maybe use a ticketing system like the help desk? (
	https://rt.torproject.org/ )
	- automatically assign a ticket number and send an auto-reply with
	ticket number and approximately expected response time
	- provide the reporter with feedback
	- close the ticket once the report has been acted upon or flagged as
	invalid/not reproducible


	b)
	- reporter gets replies from non-torproject.org senders?

	If I send a report to bad-relays@lists.torproject.org
	and get a reply from ...@gmail.com, ...@riseup.net, ...@randomdomain.com
	- that feels somewhat confusing, unexpected and does not inspire trust.

	suggestion:
	- I assume RT would work also for this issue


	2)
	issues for me as a bad-relays subscriber
	-----------------------------------------

	a) no info/feedback if and when a report has been acted upon (at all)


	suggestion:
	- I assume RT would work also for this issue (ticket gets closed when it
	has been acted upon or rejected)


	b) lots of spam in the ML archive (more than ham) -> Can I help
	removing all that spam from the archive?


	Misc.
	---------------
	- Is my assumption correct that you have _automated_ exit scans in place
	for new exit relays? (otherwise I would work on something like that)

	- Do your exit scanners check if their probes are rerouted through
	other exits?

	- We should support encrypted submissions

	- We should use something better than IRC
	(end-to-end encryption)

	[ I'll stop here because other points are less important and should not
	take away resources from more important ones ]



	regards,
	nusenu