exclude_badExits/README.md

This extends nusenu's basic idea of using the stem library to
dynamically exclude nodes that are likely to be bad by putting them
on the ExcludeNodes or ExcludeExitNodes setting of a running Tor.
* https://github.com/nusenu/noContactInfo_Exit_Excluder
* https://github.com/TheSmashy/TorExitRelayExclude

The basic cut is to exclude Exit nodes that do not have a contact.
That can be extended to nodes that do not have an email in the contact etc.

But there's a problem, and your Tor notice.log will tell you about it:
you could exclude the nodes needed to access hidden services or
directorues. So we need to add to the process the concept of a whitelist.
In addition, we may have our own blacklist of nodes we want to exclude,
or use these lists for other applications like selektor.

So we make two files that are structured in YAML:
```
/etc/tor/yaml/torrc-goodnodes.yaml
GoodNodes:
  Relays:
    IntroductionPoints:
      - NODEFINGERPRINT
  ...
By default all sections of the goodnodes.yaml are used as a whitelist.

/etc/tor/yaml/torrc-badnodes.yaml
BadNodes:
  ExcludeExitNodes:
    BadExit:
      # $0000000000000000000000000000000000000007
```
That part requires [PyYAML](https://pyyaml.org/wiki/PyYAML)
https://github.com/yaml/pyyaml/

Right now only the ExcludeExitNodes section is used by we may add ExcludeNodes
later, and by default all sub-sections of the badnodes.yaml are used as a
ExcludeExitNodes but it can be customized with the lWanted commandline arg.

The original idea has also been extended to add different conditions for
exclusion: the ```--contact``` commandline arg is a comma sep list of conditions:
* Empty - no contact info
* NoEmail - no @ sign in the contact',
More may be added later.

Because you don't want to exclude the introduction points to any onion
you want to connect to, ```--white_onions``` should whitelist the
introduction points to a  comma sep list of onions, but is
currently broken in stem 1.8.0: see:
* https://github.com/torproject/stem/issues/96
* https://gitlab.torproject.org/legacy/trac/-/issues/25417

```--torrc_output``` will write the torrc ExcludeNodes configuration to a file.

Now for the final part: we lookup the Contact info of every server
that is currently in our Tor, and check it for its existence.
If it fails to provide the well-know url, we assume its a bogus
relay and add it to a list of nodes that goes on ExcludeNodes -
not just exclude Exit.

If the Contact info is good we add the list of fingerprints to add
to ExitNodes, a whitelist of relays to use as exits.

```--proof_output``` will write the contact info as a ciiss dictionary
to a YAML file. If the proof is uri-rsa, the well-known file of fingerprints
is downloaded and the fingerprints are added on a 'fps' field we create
of that fingerprint's entry of the YAML dictionary. This file is read at the
beginning of the program to start with a trust database, and only new
contact info from new relays are added to the dictionary.

You can expect it to take an hour or two the first time this is run:
>700 domains.

For usage, do ```python3 exclude_badExits.py --help`
Added well-known downloading 2022-11-07 12:38:22 +01:00			`This extends nusenu's basic idea of using the stem library to`
			`dynamically exclude nodes that are likely to be bad by putting them`
			`on the ExcludeNodes or ExcludeExitNodes setting of a running Tor.`
			`* https://github.com/nusenu/noContactInfo_Exit_Excluder`
			`* https://github.com/TheSmashy/TorExitRelayExclude`

			`The basic cut is to exclude Exit nodes that do not have a contact.`
			`That can be extended to nodes that do not have an email in the contact etc.`

			`But there's a problem, and your Tor notice.log will tell you about it:`
Download 2022-11-08 15:15:05 +01:00			`you could exclude the nodes needed to access hidden services or`
			`directorues. So we need to add to the process the concept of a whitelist.`
			`In addition, we may have our own blacklist of nodes we want to exclude,`
			`or use these lists for other applications like selektor.`
Added well-known downloading 2022-11-07 12:38:22 +01:00
			`So we make two files that are structured in YAML:`
			```
Download 2022-11-08 15:15:05 +01:00			`/etc/tor/yaml/torrc-goodnodes.yaml`
			`GoodNodes:`
			`Relays:`
			`IntroductionPoints:`
			`- NODEFINGERPRINT`
Added well-known downloading 2022-11-07 12:38:22 +01:00			`...`
			`By default all sections of the goodnodes.yaml are used as a whitelist.`

Download 2022-11-08 15:15:05 +01:00			`/etc/tor/yaml/torrc-badnodes.yaml`
			`BadNodes:`
Added well-known downloading 2022-11-07 12:38:22 +01:00			`ExcludeExitNodes:`
			`BadExit:`
			`# $0000000000000000000000000000000000000007`
			```
			`That part requires [PyYAML](https://pyyaml.org/wiki/PyYAML)`
			`https://github.com/yaml/pyyaml/`

			`Right now only the ExcludeExitNodes section is used by we may add ExcludeNodes`
			`later, and by default all sub-sections of the badnodes.yaml are used as a`
			`ExcludeExitNodes but it can be customized with the lWanted commandline arg.`

			`The original idea has also been extended to add different conditions for`
			exclusion: the ```--contact``` commandline arg is a comma sep list of conditions:
			`* Empty - no contact info`
			`* NoEmail - no @ sign in the contact',`
			`More may be added later.`

			`Because you don't want to exclude the introduction points to any onion`
Download 2022-11-08 15:15:05 +01:00			you want to connect to, ```--white_onions``` should whitelist the
			`introduction points to a comma sep list of onions, but is`
Added well-known downloading 2022-11-07 12:38:22 +01:00			`currently broken in stem 1.8.0: see:`
			`* https://github.com/torproject/stem/issues/96`
			`* https://gitlab.torproject.org/legacy/trac/-/issues/25417`

Download 2022-11-08 15:15:05 +01:00			```--torrc_output``` will write the torrc ExcludeNodes configuration to a file.
Added well-known downloading 2022-11-07 12:38:22 +01:00
Download 2022-11-08 15:15:05 +01:00			`Now for the final part: we lookup the Contact info of every server`
			`that is currently in our Tor, and check it for its existence.`
			`If it fails to provide the well-know url, we assume its a bogus`
			`relay and add it to a list of nodes that goes on ExcludeNodes -`
			`not just exclude Exit.`
Added well-known downloading 2022-11-07 12:38:22 +01:00
Download 2022-11-08 15:15:05 +01:00			`If the Contact info is good we add the list of fingerprints to add`
			`to ExitNodes, a whitelist of relays to use as exits.`

			```--proof_output``` will write the contact info as a ciiss dictionary
			`to a YAML file. If the proof is uri-rsa, the well-known file of fingerprints`
			`is downloaded and the fingerprints are added on a 'fps' field we create`
			`of that fingerprint's entry of the YAML dictionary. This file is read at the`
			`beginning of the program to start with a trust database, and only new`
			`contact info from new relays are added to the dictionary.`
Initial commit 2022-11-07 06:35:14 +01:00
Download 2022-11-08 15:15:05 +01:00			`You can expect it to take an hour or two the first time this is run:`
			`>700 domains.`

			For usage, do ```python3 exclude_badExits.py --help`