-
On Wed, 03 May 2023 12:03:42 -0700 mx5kevin ***@***.***> wrote:
> We should avoid this in the future setup if Lokinet will support Exit
> Nodes. The complete Tor network with all Exit Nodes can be blocked
> in one step. More and more services are blocking the whole Tor
> network. There is a script that creates a fresh list of all exit
> nodes on the network. The Tor team has lost credibility for many.
> https://support.torproject.org/abuse/i-want-to-ban-tor/

we currently do not have a large registry of exit nodes, mainly
because we do not have the concept of publicly discoverable exit nodes.
our current exit node discovery process stuff is fully out of band and
was left up to the users to figure out.
for having lots of hidden exits this is great, however for most
consumer grade use cases this is a massive pain.

> I have an idea for how to fix it.

I think that being able to ban all tor exits has greatly lessened the
pressure they get from people who hate getting abused by tor exits. i
don't know if this is a thing i would classify as a thing that is
broken in tor, i think the world is just having a hard time with users
abusing tor exits. the network effect of criminality on tor does not
help with that pressure they get at all.

> Like in modern blockchains where Nominators and Validators are used.
> We can only list the users, for example hashes or nicknames with
> country codes, without IP addresses. Like in the blockchain setup,
> some validators can keep some group of users' real IPs and make
> public in a list the nickname and country. And the user must solve a
> Captcha to access an exit node and get their IP. In this way, robots
> could not easily collect the IP addresses of the entire network. The
> other problem is posted on the Tor network in the host name „Hy i am
> a exit node”. Due to this problem, fewer and fewer users will run
> nodes, and there will be more and more malicious nodes. The Tor team
> does not want to solve this problem and users need an alternative. It
> must be limited so that the entire network can be easily mapped.
> There is a solution to this: some nodes collect some groups and only
> they know the relay operators' IP addresses. And the user connects to
> these „mediatory nodes”, proves that he is not a robot and then can
> connect to some nodes, can get some nodes' IPs from the network.

this feels like an overly complex metadata based solution with too many
moving parts. i feel like too much can go wrong in such a setup,
especially if tied to a 3rd party captcha provider that can be used as a
metadata side channel, one that is often trivially breakable by bots
using machine learning classification.

--
~jeff
-
The situation is getting worse, and it will be much worse in the future. The software loses its essence with this problem. In the long run, this won't be fixed by the Tor team; people will need a more reliable alternative with an exit country selection option. There are serious problems with their team; certain people there wanted it to be that way on purpose. An entire network can be blocked or tracked in a single step, and many large services do. The source of the problem is that all network nodes can be scanned and listed very quickly by bots. The only solution to this is that users get only some part of the nodes after verifying that they are real persons from the network. And if they want more nodes, we need to verify multiple times that they are real persons. This can be solved if there are several „librarian” operators to which several relays belong, with a limited number. And bots can only detect these „librarian” operators and not the relays. Average users should be encouraged to run relays; there are more and more malicious nodes, and because of this problem (they get listed the easy way), fewer and fewer average users are running relays. Malicious nodes thus become dominant. The (connecting to exit nodes with one click) technology is not yet developed at Lokinet; this problem must be avoided already in the development. Where there is no such problem are the paid VPN services. There, simply because it would cost them money to compile such a list and they don't support scanning the entire network. For websites, the entire Tor network is blocked; not a single exit node can be found that works. They don't block only a few nodes, they block the entire network at once. It is necessary to involve the users so that as many as possible, with simple settings, operate relays which run for a short enough time that they cannot be permanently scanned. And they don't advertise themselves as part of an anonymous network, thereby providing high anonymity to users.
For those who use a laptop, cell phone, or desktop PC, it is important that they run these relays, and not unknown server operators. If someone runs something like this, they should be rewarded, as opposed to other users who use the network but do not participate in its operation. In the case of the Tor network, it appears that the exit nodes are not operated by ordinary people. Off the list, these servers tell in the host name and on port 80 that they are part of the Tor network; just use a what's-my-IP site for that, it shows there in the host name that it's an exit relay. These problems will not be fixed by the Tor team in the long term; the intention is also missing. There is no alternative to this; the users need a more reliable development team because the problem is with the developers there.
-
The other problem I was talking about. Just have to test the network to see what data can be extracted.
-
On Wed, 03 May 2023 14:06:07 -0700 mx5kevin ***@***.***> wrote:
> The situation is getting worse, and it will be much worse in the
> future.

I will put forth the perspective this only applies to the web.
There is far far more than web tech that is possible with the internet
and I for one cheer for the end of the web.
It's Google's pet at this point and I do not think its death will be a
bad thing.

> The software loses its essence with this problem. In the long
> run, this won't be fixed by the Tor team; people will need a more
> reliable alternative with an exit country selection option. There are
> serious problems with their team; certain people there wanted it to
> be that way on purpose. An entire network can be blocked or tracked
> in a single step, and many large services do. The source of the
> problem is that all network nodes can be scanned and listed very
> quickly by bots. The only solution to this is that users get only
> some part of the nodes after verifying that they are real persons
> from the network. And if they want more nodes, we need to verify
> multiple times that they are real persons. This can be solved if
> there are several „librarian” operators to which several relays
> belong, with a limited number. And bots can only detect these
> „librarian” operators and not the relays. Average users should be
> encouraged to run relays; there are more and more malicious nodes,
> and because of this problem (they get listed the easy way), fewer and
> fewer average users are running relays. Malicious nodes thus become
> dominant. The (connecting to exit nodes with one click) technology is
> not yet developed at Lokinet; this problem must be avoided already in
> the development. Where there is no such problem are the paid VPN
> services. There, simply because it would cost them money to compile
> such a list and they don't support scanning the entire network. For
> websites, the entire Tor network is blocked; not a single exit node
> can be found that works. They don't block only a few nodes, they
> block the entire network at once. It is necessary to involve the
> users so that as many as possible, with simple settings, operate
> relays which run for a short enough time that they cannot be
> permanently scanned. And they don't advertise themselves as part of
> an anonymous network, thereby providing high anonymity to users. For
> those who use a laptop, cell phone, or desktop PC, it is important
> that they run these relays, and not unknown server operators. If
> someone runs something like this, they should be rewarded, as opposed
> to other users who use the network but do not participate in its
> operation. In the case of the Tor network, it appears that the exit
> nodes are not operated by ordinary people. Off the list, these
> servers tell in the host name and on port 80 that they are part of
> the Tor network; just use a what's-my-IP site for that, it shows
> there in the host name that it's an exit relay. These problems will
> not be fixed by the Tor team in the long term; the intention is also
> missing. There is no alternative to this; the users need a more
> reliable development team because the problem is with the developers
> there.

This sounds like a Rube Goldberg machine and I am having a hard time
following this.
This sounds less like a bug report and more like a discussion. I'll
move this to the discussion section for now.

--
~jeff
-
I know I'm not a part of this project, but I've been watching for a while, but:
This is actually something that has been possible for many years on the Tor networks, as a federal officer (i.e. CIA, FBI, ASIO, etc.) it's often purposefully proposed to have the networks internally constructed for this to be possible, or if refused the network gets "gagged" where everything gets handed to Federal without notifying users of the network, and/or software. We can see this repeatedly with situations like Chat Control 2.0 proposal clauses, where services are required to have backdoors or a form of "traceback". And I agree with Majestrate that the "fix" concept is a hard to maintain concept prone to breaking but with added points that it's still vulnerable to the same mapping if a third-party captcha exists somewhere in the net; and adding a custom captcha on its own also makes maintaining the stability of the system harder as it requires a larger set of engineering.
From the time I've worked corporately, I heavily agree on this point. Whilst privacy is a must have and a requirement for the people, it's no unknown fact Tor's network is commonly known for illegal activities more than it is for user privacy and censor jumping/bypassing. Overall adding a way to buffer having nodes blocked is objectively a painful task, especially with the rapid developments of AI.
-
That would be the idea. User -> library node (guarding Lokinet nodes' IP addresses). If the user is malicious, they can only see the library nodes' IP addresses. After solving a decentralized Captcha, the user will get some Lokinet nodes' IPs. Some decentralized system, free from third parties, can be found to distinguish robots from real users. Library node -> Lokinet exit node 1 (the user can connect to it on TCP 80, 443, UDP 53, or using a custom or random port). The point is that it can't be possible to simply list the network with all exit and non-exit nodes' IPs. It is possible to list and block library nodes, but detecting and blocking Lokinet exit nodes and non-exit nodes this way is much more complicated. This could be used for entry nodes (guard nodes) and bridges too, not just for the exit nodes. Blocking the entire network is much more difficult this way. If the network is secured enough and the exit and non-exit nodes cannot be listed, users must be involved to run exit and non-exit nodes. This is necessary to avoid malicious nodes and exits dominating the network. Port TCP 80, TCP 443, UDP port 53 DNS (using DNS tunneling mode), and options for editable ports and random ports at every startup are required to connect to the Lokinet network. It should be important that it is not possible to filter the service based on port number. And VPN support if Lokinet is blocked. Secret services use port number based monitoring to detect some services.
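Editorial illustration, added here and not written by any participant in the thread or taken from Lokinet: the "library node" proposal above depends on each verified user learning only a fixed part of the relay list. The sketch assumes the client identifier has already passed whatever humanity check is used; the function names, secret and relay names are hypothetical and constructed for the example. It shows that repeat requests reveal nothing new, and measures how many distinct verified identities a scraper would need to map one librarian's pool.

```python
import hashlib
import hmac


def assign_subset(secret: bytes, client_id: str, pool: list[str], k: int) -> list[str]:
    """Return the k relays this verified client is allowed to learn.

    Every relay is ranked by HMAC(secret, client_id || relay) and the k
    lowest ranks are handed out (rendezvous hashing). The answer depends
    only on the client identity, so asking again never yields new relays.
    """
    def rank(relay: str) -> bytes:
        msg = client_id.encode() + b"\x00" + relay.encode()
        return hmac.new(secret, msg, hashlib.sha256).digest()

    return sorted(pool, key=rank)[:k]


def identities_to_enumerate(secret: bytes, pool: list[str], k: int,
                            max_ids: int = 10_000):
    """Count the distinct verified identities needed to see the whole pool.

    This is the cost the scheme imposes on a scraper: each identity must
    pass verification separately and reveals at most k relays.
    Returns None if max_ids identities were not enough.
    """
    seen: set[str] = set()
    for n in range(1, max_ids + 1):
        seen.update(assign_subset(secret, f"client-{n}", pool, k))
        if len(seen) == len(pool):
            return n
    return None


# Constructed sample data: one librarian guarding 40 relays, 3 per client.
SECRET = b"librarian-demo-secret"            # hypothetical per-librarian key
POOL = [f"relay-{i:02d}.example" for i in range(40)]
K = 3

if __name__ == "__main__":
    print("client-1 learns:", assign_subset(SECRET, "client-1", POOL, K))
    print("identities needed to map the pool:",
          identities_to_enumerate(SECRET, POOL, K))
```

The enumeration cost grows with the pool size divided by `K`, so the scheme only raises the price of mapping the network to the price of passing verification that many times, which is the weakness raised in the replies about machine-solvable captchas.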
-
We should avoid this in the future setup if Lokinet will support Exit Nodes. The complete Tor network with all Exit Nodes can be blocked in one step. More and more services are blocking the whole Tor network. There is a script that creates a fresh list of all exit nodes on the network. The Tor team has lost credibility for many.
https://support.torproject.org/abuse/i-want-to-ban-tor/
I have an idea for how to fix it.
Like in modern blockchains where Nominators and Validators are used. We can only list the users, for example hashes or nicknames with country codes, without IP addresses. Like in the blockchain setup, some validators can keep some group of users' real IPs and make public in a list the nickname and country. And the user must solve a Captcha to access an exit node and get their IP. In this way, robots could not easily collect the IP addresses of the entire network. The other problem is posted on the Tor network in the host name „Hy i am a exit node”. Due to this problem, fewer and fewer users will run nodes, and there will be more and more malicious nodes. The Tor team does not want to solve this problem and users need an alternative. It must be limited so that the entire network can be easily mapped. There is a solution to this: some nodes collect some groups and only they know the relay operators' IP addresses. And the user connects to these „mediatory nodes”, proves that he is not a robot and then can connect to some nodes, can get some nodes' IPs from the network.