Ran into a misconfigured, malicious, or suspicious relay while using Tor? Please let us know by sending email to bad-relays AT lists DOT torproject DOT org!
Many bad relays are caught thanks to our wider community, so many thanks for all your help and vigilance!
The criteria for rejecting bad relays can be found in the Network Health wiki.
What is a bad relay?
A bad relay is one that either doesn't work properly or tampers with our users' connections. This can be either through maliciousness or misconfiguration. Some common examples are...
- Tampering with exit traffic in any way (including dropping accepted connections). This might be accidental (such as an anti-virus filter) or malicious (commonly SSLStrip, which replaces https:// links with http:// to snoop on traffic) or even intentional (such as layer 7 inspection for P2P traffic detection/mitigation).
- Running HSDirs that harvest and probe .onion addresses
- Manipulating the DHT that is used for onion services, e.g., by positioning itself in the DHT.
- Using a DNS provider that censors its results (such as some OpenDNS or Quad (188.8.131.52) configurations).
- Performing a Sybil attack, which means flooding the network with new relays in an effort to deanonymize users. If you want to run multiple relays then that's great! But please be sure to set the MyFamily parameter.
- Exit relays routing their exit traffic back into the tor network (not actually exiting any traffic)
Also, if your relay is stolen or goes missing, please report it as well, so we can blocklist it in case whoever took it puts it back online.
The following are currently permitted yet do have some discussion for prohibition (as such, they should not be reported at this time):
- Only allowing plain-text traffic (for instance, just port 80). There's no good reason to disallow its encrypted counterpart (like port 443), making these relays highly suspect for sniffing traffic. See context and spec.
How do I report a bad relay?
If you encounter a bad relay then please let us know and write to
bad-relays AT lists DOT torproject DOT org.
You can check which exit you are using at any time by visiting tor check. Please include the following in your report:
- The relay's IP address or fingerprint. The fingerprint is a forty-character hex string such as
- What kind of behavior did you see?
- Any additional information we'll need to reproduce the issue.
However, if you need help with anything Tor-related, please contact the front desk instead.
What happens to bad relays?
After a relay is reported and we've verified the behavior we'll attempt to contact the relay operator. Often we can sort things out but if not (or the relay lacks contact information) we'll flag it to prevent it from continuing to be used.
We have three types of flags we can apply:
- BadExit - Never used as an exit relay (for relays that appear to mess with exit traffic)
- Invalid - Never used unless AllowInvalidNodes is set (by default this only allows for middle and rendezvous usage)
- Reject - Dropped from the consensus entirely
Which we use depends on the severity of the issue, and if it can still be safely used in certain situations.
My relay was given the BadExit flag. What's up?
In just about all cases we're unable to contact the operator to resolve the issue, so if your relay has been flagged as a BadExit then please let us know (see above for contact info) so we can work together to fix the issue.
Do you actively look for bad relays?
Yes. For our automated issue detection see exitmap and sybilhunter.
Other monitors include tortunnel, SoaT, torscanner, and DetecTor.