Something fishy is going on with Tor:
80% of the network is influenced by the fourteen eyes (https://metrics.nothingtohide.nl/misc/countries-by-consensus-weight.html)
The German node problem (http://opbible7nans45sg33cbyeiwqmlp5fu7lklu6jd6f3mivrjeqadco5yd.onion/opsec/germantornodes/)
The Tor Files (http://opbible7nans45sg33cbyeiwqmlp5fu7lklu6jd6f3mivrjeqadco5yd.onion/opsec/torhoneypot/ , possible FUD warning)

Some of the largest Tor hosting providers won't implement RPKI ROV, exposing lots of users to RAPTOR attacks (RAPTOR attack: https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/sun, Tor hoster ranking: https://metrics.nothingtohide.nl/misc/networks-by-bandwidth.html OVH SAS: https://bgp.tools/as/16276, Hetzner: https://bgp.tools/as/24940, 1aeo: https://bgp.tools/as/36849, Church of Cyberology: https://bgp.tools/as/215125 etc.)

1 actor alone operates around 900 Guard nodes (1aeo: https://metrics.nothingtohide.nl/contact/592c6ac73b6520aabeaed46dacbbb914/)
1 actor alone operates around 700 Exit nodes (https://metrics.nothingtohide.nl/contact/be6da6360fbd2e6becec5b035c49df20/)

German nodes control 30% of ALL Tor traffic (https://metrics.nothingtohide.nl/misc/countries-by-consensus-weight.html)
Dutch nodes control 17%
US nodes control around 12%

Malicious Saars (https://metrics.torproject.org/userstats-relay-country.html?start=2025-10-28&end=2026-01-01&country=in&events=off)
Malicious German Tor users (https://metrics.torproject.org/userstats-relay-country.html?start=2022-10-28&end=2026-01-01&country=de&events=off)
Malicious American Tor users (https://metrics.torproject.org/userstats-relay-country.html?start=2022-10-28&end=2026-01-01&country=us&events=off)
Malicious Indonesian Tor users (https://metrics.torproject.org/userstats-relay-country.html?start=2025-01-28&end=2026-01-01&country=id&events=off)

>posted from Tor btw

Tor node selection :^)

Since posting this, I experienced a pretty large DoS attack :^)
Jan 26 11:22:48 localpc Tor: Detected possible compression bomb with input size = 73560 and output size = 1948792 (compression factor = 26.49)
Jan 26 11:22:48 localpc Tor: Possible compression bomb; abandoning stream.
Jan 26 11:22:48 localpc Tor: Unable to decompress HTTP body (tried Zstandard compressed, on Directory connection (client reading) with 5.9.14.25:993). : Detected possible compression bomb with input size = 30472 and output size = 946256 (compression factor = 31.05)
Jan 26 11:22:48 localpc Tor: Possible compression bomb; abandoning stream.
Jan 26 11:22:48 localpc Tor: Detected possible compression bomb with input size = 70627 and output size = 1811878 (compression factor = 25.65)
Jan 26 11:22:48 localpc Tor: Possible compression bomb; abandoning stream.
Jan 26 11:22:48 localpc Tor: Detected possible compression bomb with input size = 71064 and output size = 1811878 (compression factor = 25.50)
Jan 26 11:22:48 localpc Tor: Possible compression bomb; abandoning stream.
Jan 26 11:22:48 localpc Tor: Detected possible compression bomb with input size = 32494 and output size = 962800 (compression factor = 29.63)
Jan 26 11:22:48 localpc Tor: Possible compression bomb; abandoning stream.
Jan 26 11:22:48 localpc Tor: Detected possible compression bomb with input size = 66852 and output size = 1948792 (compression factor = 29.15)
Jan 26 11:22:48 localpc Tor: Possible compression bomb; abandoning stream.
Jan 26 11:22:48 localpc Tor: Detected possible compression bomb with input size = 73560 and output size = 1948792 (compression factor = 26.49)
Jan 26 11:22:48 localpc Tor: Possible compression bomb; abandoning stream.
Jan 26 11:22:48 localpc Tor: Detected possible compression bomb with input size = 30472 and output size = 946256 (compression factor = 31.05)
Jan 26 11:22:48 localpc Tor: Possible compression bomb; abandoning stream.
Jan 26 11:22:48 localpc Tor: Detected possible compression bomb with input size = 70627 and output size = 1811878 (compression factor = 25.65)
Jan 26 11:22:48 localpc Tor: Possible compression bomb; abandoning stream.
Jan 26 11:22:48 localpc Tor: Detected possible compression bomb with input size = 30472 and output size = 946256 (compression factor = 31.05)
Jan 26 11:22:48 localpc Tor: Possible compression bomb; abandoning stream.
Jan 26 11:22:48 localpc Tor: Detected possible compression bomb with input size = 70627 and output size = 1811878 (compression factor = 25.65)
Jan 26 11:22:48 localpc Tor: Possible compression bomb; abandoning stream.
Jan 26 11:22:48 localpc Tor: Detected possible compression bomb with input size = 66852 and output size = 1948792 (compression factor = 29.15)
Jan 26 11:22:48 localpc Tor: Possible compression bomb; abandoning stream.
.
.
.
Jan 26 11:23:19 localpc NetworkManager: <info>dhcp4 (enp2s0): state changed new lease, address=192.168.0.114

Something is DEFINITELY wrong

>>4613
how
what's happening here?

>>4614
I received almost 3 gigs of data under 5 seconds (which I presume is directory authority replies) from my guard node and my NIC said fuck it and it shut down :^).
That 3 gigs of data also expanded to around 60 gigs of junk, filling my memory almost completely

systemctl status tor:
Process: 2078 ExecStartPre=/usr/bin/tor --runasdaemon 0 --defaults-torrc /usr/share/tor/defaults-torrc -f /etc/tor/torrc --verify-config (code=exited, status=0/SUCCESS)
Main PID: 2100 (tor)
Tasks: 375 (limit: 38221)
Memory: 213M (min: 118M, peak: 61.3G, swap: 84K, swap peak: 84K)
CPU: 3h 26min 29.182s


It's not uncommon for relays (dir request spam: https://metrics.torproject.org/dirbytes.html) , but it's definitely wrong for a regular user like me
I don't know how, I'll ask around.

cool kids have moved over to i2p/yggdrasil or a completlt different network stack reticulum
tor glows harder lighter than the sun, anon.

the reason why (in my opinion) most TOR nodes are only in a few countries is because servers there is quite cheap, especially bandwidth. bandwidth is much cheaper in the USA and europe compared to places like asia and south america.

Onions are generally known for their strong smell.

I cry when onions.