Discussion:
[tor-relays] Contact info obfscation
Keifer Bly
2018-06-30 00:22:23 UTC
Permalink
Hello,

I am aware that email addresses used in the “ContactInfo: “ in a relay operator’s torrc file is publicly listed on the tor relay. However, what I am wondering, is there a way to obfuscate the email address on http://torstatus.blutmagie.de/router_detail.php?FP=db1af6477bb276b6ea5e72132684096eee779d30 to appear as “k—f---b--@g-ail.com” or something of the sorts, while keeping the real email address readable for tor cloud to send mail to? It seems like obfuscating the email address in the torrc file would cause it to become unreadable to the tor project as well.

Thank you.
nusenu
2018-06-30 13:02:00 UTC
Permalink
Post by Keifer Bly
I am aware that email addresses used in the “ContactInfo: “ in a
relay operator’s torrc file is publicly listed on the tor relay.
However, what I am wondering, is there a way to obfuscate the email
address on
http://torstatus.blutmagie.de/router_detail.php?FP=db1af6477bb276b6ea5e72132684096eee779d30
keeping the real email address readable for tor cloud
I'm not sure I know what you mean with "tor cloud" can you
describe what you mean?
Post by Keifer Bly
It seems like obfuscating the email address in the torrc file
would cause it to become unreadable to the tor project as well.
the contact info string will be published the same way you put it in your
torrc configuratin file if you want to make it harder for email address
harvesters / spammers to send you email you can obfuscate
it however you like.

in the following spec I'm using a specific way to obfuscate the "@"
sign with a "[]" so I can process email addresses automatically,
but it is up to you how you obfuscate your address

https://github.com/nusenu/ContactInfo-Information-Sharing-Specification#email
--
https://twitter.com/nusenu_
https://mastodon.social/@nusenu
Keifer Bly
2018-06-30 15:29:05 UTC
Permalink
What I mean is tor project, the system that sends an email when it notices that a relay has been unavailable for 48 hours or the relays not working right.

Sent from my iPhone
Post by nusenu
I am aware that email addresses used in the “ContactInfo: “ in a
relay operator’s torrc file is publicly listed on the tor relay.
However, what I am wondering, is there a way to obfuscate the email
address on
http://torstatus.blutmagie.de/router_detail.php?FP=db1af6477bb276b6ea5e72132684096eee779d30
keeping the real email address readable for tor cloud
I'm not sure I know what you mean with "tor cloud" can you
describe what you mean?
It seems like obfuscating the email address in the torrc file
would cause it to become unreadable to the tor project as well.
the contact info string will be published the same way you put it in your
torrc configuratin file if you want to make it harder for email address
harvesters / spammers to send you email you can obfuscate
it however you like.
sign with a "[]" so I can process email addresses automatically,
but it is up to you how you obfuscate your address
https://github.com/nusenu/ContactInfo-Information-Sharing-Specification#email
--
https://twitter.com/nusenu_
_______________________________________________
tor-relays mailing list
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
nusenu
2018-06-30 15:40:00 UTC
Permalink
Post by Keifer Bly
What I mean is tor project, the system that sends an email when it
notices that a relay has been unavailable for 48 hours or the relays
not working right.
currently there is no such service as far as I know,
in the past (when Tor Weather still existed) they didn't use
ContactInfo data to send emails, but operators would subscribe and submit
their email address via a website, subscription email addresses weren't
public (unlike ContactInfo)
--
https://twitter.com/nusenu_
https://mastodon.social/@nusenu
Keifer Bly
2018-06-30 19:48:56 UTC
Permalink
Ok. So if that’s not being used anymore, what is the “ContactInfo: “ string used for? Is there still a way I can subscribe my email address to tor project for such things?

Thank you.
Post by nusenu
Post by Keifer Bly
What I mean is tor project, the system that sends an email when it
notices that a relay has been unavailable for 48 hours or the relays
not working right.
currently there is no such service as far as I know,
in the past (when Tor Weather still existed) they didn't use
ContactInfo data to send emails, but operators would subscribe and submit
their email address via a website, subscription email addresses weren't
public (unlike ContactInfo)
--
https://twitter.com/nusenu_
_______________________________________________
tor-relays mailing list
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
nusenu
2018-06-30 19:54:00 UTC
Permalink
Ok. So if that’s not being used anymore, what is the “ContactInfo: “
string used for?
ContactInfo is not used by (past) Tor Weather implementations
but it is still very much useful when people want to reach
the operator.

Some potential reasons to reach the operator are:
- misconfiguration
- security issues
- disfunctional relay
Is there still a way I can subscribe my email
address to tor project for such things?
as I say in my last email there is no such service (Tor Weather)
replacement (yet)
--
https://twitter.com/nusenu_
https://mastodon.social/@nusenu
Keifer Bly
2018-07-01 02:36:04 UTC
Permalink
So I just changed my torrc file contactinfo to
Keifer dot bly at gmail dot com

Do I need to restart my relay for this to take effect?

Will doing this make it more difficult for spammers to reach my address?

Thanks.

From: nusenu
Sent: Saturday, June 30, 2018 12:54 PM
To: tor-***@lists.torproject.org
Subject: Re: [tor-relays] Contact info obfscation
Ok. So if that’s not being used anymore, what is the “ContactInfo: “
string used for?
ContactInfo is not used by (past) Tor Weather implementations
but it is still very much useful when people want to reach
the operator.

Some potential reasons to reach the operator are:
- misconfiguration
- security issues
- disfunctional relay
Is there still a way I can subscribe my email
address to tor project for such things?
as I say in my last email there is no such service (Tor Weather)
replacement (yet)
--
https://twitter.com/nusenu_
https://mastodon.social/@nusenu
Keifer Bly
2018-07-01 02:37:57 UTC
Permalink
Terribly sorry, one last question I just thought of. Will that make it more difficult for people who legitimately want to contact the relay operator who aren’t spammers to contact me? Thank you.

From: Keifer Bly
Sent: Saturday, June 30, 2018 7:36 PM
To: tor-***@lists.torproject.org
Subject: RE: [tor-relays] Contact info obfscation

So I just changed my torrc file contactinfo to
Keifer dot bly at gmail dot com

Do I need to restart my relay for this to take effect?

Will doing this make it more difficult for spammers to reach my address?

Thanks.

From: nusenu
Sent: Saturday, June 30, 2018 12:54 PM
To: tor-***@lists.torproject.org
Subject: Re: [tor-relays] Contact info obfscation
Ok. So if that’s not being used anymore, what is the “ContactInfo: “
string used for?
ContactInfo is not used by (past) Tor Weather implementations
but it is still very much useful when people want to reach
the operator.

Some potential reasons to reach the operator are:
- misconfiguration
- security issues
- disfunctional relay
Is there still a way I can subscribe my email
address to tor project for such things?
as I say in my last email there is no such service (Tor Weather)
replacement (yet)
--
https://twitter.com/nusenu_
https://mastodon.social/@nusenu
a***@riseup.net
2018-07-02 06:23:00 UTC
Permalink
Post by Keifer Bly
Will doing this make it more difficult for spammers to reach my address?
Yes. However, I think you should consider publishing your unobfuscated
email address, for clarity and convenience to those who are legitimately
trying to contact you.

I don't obfuscate my email address in the ContactInfo field, and I
receive at most a few handfuls of spam messages per month. Most of these
are caught by my email provider's spam filter, which I already have set
to its least aggressive setting possible.

alkyl
Eran Sandler
2018-07-02 06:37:05 UTC
Permalink
If you are worried about putting a real address you can use a forwarding
only address under a different domain.

Do you think it would be useful if you had been given an address like
***@torexitnode.net?

As part of a different thread on this list I asked what are some of the
services and thinga Tor relay operators are missing. Perhaps an easy
forwarding only email address that will hide to some degree the real email
address.

It also makes it very easy to filter and figure out if it's spam or not.

Wdyt?
Post by a***@riseup.net
Post by Keifer Bly
Will doing this make it more difficult for spammers to reach my address?
Yes. However, I think you should consider publishing your unobfuscated
email address, for clarity and convenience to those who are legitimately
trying to contact you.
I don't obfuscate my email address in the ContactInfo field, and I
receive at most a few handfuls of spam messages per month. Most of these
are caught by my email provider's spam filter, which I already have set
to its least aggressive setting possible.
alkyl
_______________________________________________
tor-relays mailing list
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Keifer Bly
2018-07-02 06:44:36 UTC
Permalink
Very well, I will change it back. I just wish there was an easier way to block spammers


From: Eran Sandler
Sent: Sunday, July 1, 2018 11:37 PM
To: tor-***@lists.torproject.org
Subject: Re: [tor-relays] Contact info obfscation

If you are worried about putting a real address you can use a forwarding only address under a different domain.

Do you think it would be useful if you had been given an address like ***@torexitnode.net?

As part of a different thread on this list I asked what are some of the services and thinga Tor relay operators are missing. Perhaps an easy forwarding only email address that will hide to some degree the real email address.

It also makes it very easy to filter and figure out if it's spam or not.

Wdyt?
Post by Keifer Bly
Will doing this make it more difficult for spammers to reach my address?
Yes. However, I think you should consider publishing your unobfuscated
email address, for clarity and convenience to those who are legitimately
trying to contact you.

I don't obfuscate my email address in the ContactInfo field, and I
receive at most a few handfuls of spam messages per month. Most of these
are caught by my email provider's spam filter, which I already have set
to its least aggressive setting possible.

alkyl
nusenu
2018-07-01 09:07:00 UTC
Permalink
So I just changed my torrc file contactinfo to Keifer dot bly at
gmail dot com
Do I need to restart my relay for this to take effect?
restart is not required but you need to reload it
Will doing this make it more difficult for spammers to reach my address?
yes, probably (for some spammers/harvesters)
but updating the contactinfo will not remove older contactinfo
strings since they are all archived and so spammers can still
see the former (non-obfuscated) version of that contactinfo string
Will that make it more difficult for people who legitimately want to
contact the relay operator who aren’t spammers to contact me?
If they want to do it automatically: yes
if they do it manually: probably not
--
https://twitter.com/nusenu_
https://mastodon.social/@nusenu
Keifer Bly
2018-07-01 11:10:06 UTC
Permalink
How do I reload the relay without restarting it?

Thank you.

From: nusenu
Sent: Sunday, July 1, 2018 2:07 AM
To: tor-***@lists.torproject.org
Subject: Re: [tor-relays] Contact info obfscation
So I just changed my torrc file contactinfo to Keifer dot bly at
gmail dot com
Do I need to restart my relay for this to take effect?
restart is not required but you need to reload it
Will doing this make it more difficult for spammers to reach my address?
yes, probably (for some spammers/harvesters)
but updating the contactinfo will not remove older contactinfo
strings since they are all archived and so spammers can still
see the former (non-obfuscated) version of that contactinfo string
Will that make it more difficult for people who legitimately want to
contact the relay operator who aren’t spammers to contact me?
If they want to do it automatically: yes
if they do it manually: probably not
--
https://twitter.com/nusenu_
https://mastodon.social/@nusenu
teor
2018-07-01 11:59:20 UTC
Permalink
Post by Keifer Bly
How do I reload the relay without restarting it?
To reload all the tor instances on your machine:
killall -HUP tor

To reload just one tor instance:
kill -HUP `cat tor.pid`
If you have "PidFile tor.pid" in your torrc.

T
Johan Fleury
2018-07-01 15:38:59 UTC
Permalink
Post by nusenu
https://github.com/nusenu/ContactInfo-Information-Sharing-Specification#email
Does this have any chance to be adopted inside Tor or will it stay a
side project?
--
Johan Fleury
PGP Key ID : 0x5D404386805E56E6
nusenu
2018-07-01 15:43:00 UTC
Permalink
Post by Johan Fleury
Post by nusenu
https://github.com/nusenu/ContactInfo-Information-Sharing-Specification#email
Does this have any chance to be adopted inside Tor or will it stay a
side project?
I don't think it will be adopted by the tor project and I
don't aim for that, but I like the growing number of relays using it.

If adoption should ever become significant (>500?) maybe
Relay Search will pick it up.
--
https://twitter.com/nusenu_
https://mastodon.social/@nusenu
Iain Learmonth
2018-07-01 16:11:01 UTC
Permalink
Hi,
Post by nusenu
If adoption should ever become significant (>500?) maybe
Relay Search will pick it up.
It probably would. (:

Thanks,
Iain.
Kay Slake
2018-07-01 16:27:15 UTC
Permalink
I'd like to opt out of to relays. It's too technical for me. Thank you
Post by Iain Learmonth
Hi,
Post by nusenu
If adoption should ever become significant (>500?) maybe
Relay Search will pick it up.
Thanks,
Iain.
_______________________________________________
tor-relays mailing list
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
teor
2018-07-01 22:18:16 UTC
Permalink
Post by Kay Slake
I'd like to opt out of to relays. It's too technical for me. Thank you
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
T
Mirimir
2018-07-01 23:56:31 UTC
Permalink
Post by Kay Slake
I'd like to opt out of to relays. It's too technical for me. Thank you
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
T
Maybe y'all ought to edit the list sig. I vaguely recall ...

| To Unsubscribe, visit https://...

... being common, back in the day. The mptcp-dev list still has it. It's
no longer the norm, sure. But isn't it true that unsubscribing is the
main reason to visit the listinfo page? And seeing archives, of course.
Marco Predicatori
2018-07-02 07:28:46 UTC
Permalink
Post by Keifer Bly
Hello,
I am aware that email addresses used in the “ContactInfo: “ in a
relay operator’s torrc file is publicly listed on the tor relay.
However, what I am wondering, is there a way to obfuscate the
email address on
http://torstatus.blutmagie.de/router_detail...
Publish a GPG key instead. Spammers will have to go fetch your email
from a keyserver.
This is how I did it:
http://torstatus.blutmagie.de/router_detail.php?FP=a4e74410d83705eeff24bc265de2b2ff39bda56e

My two cents, bye, Marco
--
https://metrics.torproject.org/rs.html#details/A4E74410D83705EEFF24BC265DE2B2FF39BDA56E
Eran Sandler
2018-07-02 07:51:45 UTC
Permalink
Nice. Perhaps nusenu can add that to the spec. The current spec has gpg
support and keybase user, but perhaps there is a case for specifying the
gpg server as well (like in Marco's case).

Eran
Post by Marco Predicatori
Post by Keifer Bly
Hello,
I am aware that email addresses used in the “ContactInfo: “ in a
relay operator’s torrc file is publicly listed on the tor relay.
However, what I am wondering, is there a way to obfuscate the
email address on
http://torstatus.blutmagie.de/router_detail...
Publish a GPG key instead. Spammers will have to go fetch your email
from a keyserver.
http://torstatus.blutmagie.de/router_detail.php?FP=a4e74410d83705eeff24bc265de2b2ff39bda56e
My two cents, bye, Marco
--
https://metrics.torproject.org/rs.html#details/A4E74410D83705EEFF24BC265DE2B2FF39BDA56E
_______________________________________________
tor-relays mailing list
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
nusenu
2018-07-02 08:50:00 UTC
Permalink
Post by Eran Sandler
Nice. Perhaps nusenu can add that to the spec. The current spec has gpg
support and keybase user, but perhaps there is a case for specifying the
gpg server as well (like in Marco's case).
Usually the key fingerprint is enough to find a key
if it was uploaded to any major keyserver.

I'm not sure about adding a keyserver field to the spec,
instead of a keyserver field I would use a keyuri that
points to the public key file on a https server directly.
--
https://twitter.com/nusenu_
https://mastodon.social/@nusenu
Eran Sandler
2018-07-02 08:58:42 UTC
Permalink
Works just as well :)

Eran
Post by nusenu
Post by Eran Sandler
Nice. Perhaps nusenu can add that to the spec. The current spec has gpg
support and keybase user, but perhaps there is a case for specifying the
gpg server as well (like in Marco's case).
Usually the key fingerprint is enough to find a key
if it was uploaded to any major keyserver.
I'm not sure about adding a keyserver field to the spec,
instead of a keyserver field I would use a keyuri that
points to the public key file on a https server directly.
--
https://twitter.com/nusenu_
_______________________________________________
tor-relays mailing list
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Loading...