Skip to content

Instantly share code, notes, and snippets.

@nusenu
Created December 8, 2019 18:19
Show Gist options
  • Save nusenu/8b45fc377b5dba1683af97c3f0f69be5 to your computer and use it in GitHub Desktop.
Save nusenu/8b45fc377b5dba1683af97c3f0f69be5 to your computer and use it in GitHub Desktop.
Subject: [bad-relays] improving "bad-relays@"
Date: Sat, 28 Oct 2017
From: nusenu
To: bad-relays@lists.torproject.org
Hi,
[ this is NOT a report about a bad relay on the tor network ]
I was not sure where to send this email with suggestions for
improvements so I decided to send it to bad-relays@ directly because
that way it reaches the most relevant people (the subscribers of the list).
Since I'm a subscriber myself now, I feel somewhat obliged (to try) to
improve the current situation.
Problem Description
1)
Issues for a bad-relays reporter (external)
--------------------------------------------
This is from my personal experience as someone who sent a report to
bad-relays in the past (as non-subscriber) and from looking at past
bad-relays@ emails from the archive.
As a subscriber (now) I think I somewhat understand the reasons for this
problem a bit.
(most reports come from subscribers themselves but maybe we can improve
to get more external reports)
a) lacking feedback
- If someone reports something to bad-relays@ they might never get a
feedback.
- Reporter do NOT know
- if their email got to the right people
- if their report was useful
- if the offending relays were removed from the tor network
With no feedback they might never report to bad-relays@ again.
suggestions:
- maybe use a ticketing system like the help desk? (
https://rt.torproject.org/ )
- automatically assign a ticket number and send an auto-reply with
ticket number and approximately expected response time
- provide the reporter with feedback
- close the ticket once the report has been acted upon or flagged as
invalid/not reproducible
b)
- reporter gets replies from non-torproject.org senders?
If I send a report to bad-relays@lists.torproject.org
and get a reply from ...@gmail.com, ...@riseup.net, ...@randomdomain.com
- that feels somewhat confusing, unexpected and does not inspire trust.
suggestion:
- I assume RT would work also for this issue
2)
issues for me as a bad-relays subscriber
-----------------------------------------
a) no info/feedback if and when a report has been acted upon (at all)
suggestion:
- I assume RT would work also for this issue (ticket gets closed when it
has been acted upon or rejected)
b) lots of spam in the ML archive (more than ham) -> Can I help
removing all that spam from the archive?
Misc.
---------------
- Is my assumption correct that you have _automated_ exit scans in place
for new exit relays? (otherwise I would work on something like that)
- Do your exit scanners check if their probes are rerouted through
other exits?
- We should support encrypted submissions
- We should use something better than IRC
(end-to-end encryption)
[ I'll stop here because other points are less important and should not
take away resources from more important ones ]
regards,
nusenu
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment