[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Policy on filtered ExitNodes??



On Sat, Aug 13, 2005 at 10:33:02PM -0700, Mike Bergeron wrote:
> I just discovered today that at least one Tor server acting as an exit
> node (powerpenguin61) is or was running on a filtered machine; i.e.,
[snip]
> In my opinion, such servers are worse than not being on Tor, because
[snip]
> Do the Powers That Be have an opinion on the matter.  Seems to me that,
> without exclusively open exits, any group of people could get Tor,
> advertise exit, and then filter the crap out of what anyone can use Tor
> for....  Pretty easy attack, if you ask me....

Right. There's a tension between verifying and tracking trusted operators,
and letting any shmo run a server. For now we're tending towards the
latter.

It is possible to un-recommend specific bad servers. The way it works
is that the directory servers recommend to clients which servers are
usable for exit. Up until Tor 0.0.9.x, we needed to explicitly approve
your node before you could be used. Now, if you pass a few rudimentary
checks then you're automatically able to be used. We'll keep tweaking
things (or totally changing our mind) until we're happy.

So as you find servers that are filtering exits, please come to the
IRC channel and tell us. We'll track them down and get them to correct
it (like in the case of powerpenguin61), else we'll un-recommend them.

One of the important tasks as we move forward is to make these automated
checks better. But we're never going to be able to entirely find all
the subtle ways in which people might change content. It goes back to
our original statement about exit node risk: if you need some sort of
end-to-end data integrity checking, like SSL, then you should use that
whether or not you use Tor.

Hope that helps,
--Roger