Follow Slashdot blog updates by subscribing to our blog RSS feed

 


Forgot your password?
Close
typodupeerror
×
The Internet Security IT

Tor Project Removes 13.5% of Current Servers For Running EOL Versions (zdnet.com) 9

Posted by msmash from the take-note dept.
An anonymous reader writes: The Tor Project has removed from its network this week more than 800 servers that were running outdated and end-of-life (EOL) versions of the Tor software. The removed servers represent roughly 13.5% of the 6,000+ servers that currently comprise the Tor network and help anonymize traffic for users across the world. Roughly 750 of the removed servers represent Tor middle relays, and 62 are exit relays -- where users exit the Tor network onto the world wide web after having their true location hidden through the Tor network. The organization said it plans to release a Tor software update in November that will natively reject connections with EOL Tor server versions by default, without any intervention from the Tor Project staff. "Until then, we will reject around 800 obsolete relays using their fingerprints," the Tor Project said in a statement this week.
This discussion has been archived. No new comments can be posted.

Tor Project Removes 13.5% of Current Servers For Running EOL Versions More

Tor Project Removes 13.5% of Current Servers For Running EOL Versions

Comments Filter:

  • So I can just recompile and bump the reported version, right?

    • recompile

      WHAT??? RECOMPILE??? Eeeeuu, uncouth.

      Who wants to bother with all of +THAT+ hassle?? Just use a hex editor, then you don't have to worry about those stinkin' warnings or anything.

    • Re: (Score:1)

      by Anonymous Coward

      When you recompiling, why not bump version to latest and mitigate whole issue?
      Oh, I know why. And the reason people are staying on older versions. In 2014 Tor received integration with systemd (sd_notify(), watchdog etc), loosing all trust.

    • Re: (Score:2)

      by Hizonner ( 38491 )

      The problem isn't people intentionally running obsolete versions. It's people setting up relays and not maintaining them. Sure, you could fake the version, just like you could change the software to be actively malicious. But nobody would. What people do do is to start up a relay and never touch it again.

  • Tor is broken (Score:2, Interesting)

    by johnsie ( 1158363 )
    Tor has been broken for a long time. It's completely compromised at this stage.

    • Can you cite any sources?

      • Re: (Score:3)

        by Shaitan ( 22585 )

        This contains a couple. https://boingboing.net/2016/07/01/researchers-find-over-100-spyi.html

        Between rogue nodes, rogue exit nodes, and malware side channel attacks TOR is pretty well compromised.

        • Re: (Score:1)

          by Anonymous Coward

          ... only for people who don't use it properly. Although I will admit that the Tor project is irresponsible in promoting the Tor Browser Bundle. The TBB not "using it properly" for a lot of the people they invite to use it.

          Using Tor properly includes understanding your threat model. If you are the next Osama bin Laden and you personally are a priority target for the NSA, then you probably should not rely on Tor for much of your security. Doing so would be misuse.

          If you all you care about is hiding your ident

Slashdot Top Deals

For God's sake, stop researching for a while and begin to think!

Close