Re: torcheck failing in reality

[tor-ml@xxxxxxx]

On Wed, 18 Aug 2010 17:57:59 +0000 Marcus Griep <tormaster@xxxxxxx> 
wrote:
>> I guess check.torproject.org (btw: you should allways use the 
>https
>> version of it) just compairs your source IP with the list of 
>exit-
>> nodes (what else should it be doing?).
>>
>
>Might this be an instance where good, always working exit 
>enclaving might be
>of significance?

I also thought about this, but this might result in 'false-
negatives' (the check tells you your are not using tor even if you 
do) in the following scenario:

- you are using tor and check.torproject.org is (hypothetically) 
running as exit enclave
- the check is (hypothetically) just matching against 127.0.0.1 
(localhost = tor user, other = non-tor user)
- it might be the case that you are reaching check.t.o over the tor 
network and the check tells you, that you are not using tor, 
because you used another exit node instead of check.t.o itself
According to [1] this is case if your client has not yet fetched 
the node descriptor of check.t.o and is therefore using another 
exit node instead of using check.t.o

[1] http://archives.seul.org/or/talk/Aug-2010/msg00065.html

The other question would be:
Is it a problem that check.t.o tells you that you are using tor 
even if you don't? (in the case that your source IP address is also 
used by an exit node)

If you follow the 'official' recommendations to not mix your 
traffic with that of an exit node (even if this is very attracting) 
[2] this 'problem' will never arise.

[2] https://blog.torproject.org/blog/tips-running-exit-node-minimal-
harassment

There might be scenarios where you are behind a NAT device and you 
do not even know that someone else is running a tor exit using the 
same official IP address.





***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/