
Re: Is "gatereloaded" a Bad Exit?

Thus spake tor@xxxxxxxxxxxxxxxxxx (tor@xxxxxxxxxxxxxxxxxx):

> On 31/01/2011 13:11, Jan Weiher wrote:
> >> Assuming the worst, and disregarding volunteer exit bandwidth without
> >> some proper investigation, doesn't sound like a good approach to me...
> > 
> > Nobody does that, but I think it's fair to say that if you want that
> > somebody can contact you about your node, you publish your contact
> > details in the directory. And if you enter wrong contact info, you made
> > clear that you don't want to be contacted.
> I don't think you can make that assumption. Maybe they just didn't want
> their email address to be public for spam bots to harvest. Maybe they're
> just used to not publishing their email address unless they really have
> to. Safest course of action: Figure out how to contact them, and ask them.

3/5 of the nodes provide contact info. 2/5 are run by "Joe Blow", and
the other is run by "nobody at example.com"

Just for grins, I did in fact send an email to Mr. Blow's gmail
address. It of course bounced. Which means it is available on gmail if
he wanted it, but he didn't even bother to create it. He's obviously
real intent on being a member of the community.

But don't worry, at some point Mr. Blow et al will realize that their
packet captures stopped grabbing passwords and are only seeing
encrypted middle and guard node traffic. They'll probably show up
then, proclaiming their innocence from the rooftops, demanding they be
allowed to "help" the network.

But do feel free to spend your time going above and beyond, trying to
track our 4 heroes down before then. I'm sure they're well worth your
time and effort to outreach. Pick a nice Saturday afternoon and spend
it calling ISPs and NOCs trying frantically to get in touch with our
unjustly punished martyrs here... Heck, take a day off work!

> > I think marking them as "bad"
> > and waiting for the admin to show up is the easiest way to go. Let's call
> > it a "cry"-test. Just wait until someone shows up and cries.
> It's the easiest, but the least efficient route. Somebody mentioned 6%
> of Exit bandwidth. How much effort would be spent trying to increase the
> capacity of the network by 6% via coding and/or publicity? Probably a
> lot more effort than would be required to try and contact these Exit
> owners and maybe retain the bandwidth.
> You make it sound as though running an Exit node is a privilege and that
> people who run them somehow owe the Tor project? They're volunteering
> bandwidth, for the benefit of the network. If you don't treat volunteers
> well, they will go elsewhere, and the people who lose out are the people
> who use the Tor network, not the people who previously ran Exit nodes.
> Exit bandwidth is a scarce and valuable resource, and should be treated
> as such.

It's not true exit bandwidth here. It's janky bandwidth with lots of
bad properties, such as the tendency to break mixed-mode websites as
Curious Kid pointed out, and the load balancing issues I mentioned. We
should do the same for all http-but-not-https exits for this reason.

Again, non-bittorrenting exits have a real hard time attracting enough
80+443 traffic. All of our metrics indicate they are not overloaded
the vast majority of the time, and tend to end up pushing half of the
bytes/sec as their bittorrent-supporting peers. There is plenty of
spare port 80 capacity. The network is bottlenecked in other ways
(probably actually in the queues of overloaded middle and guard nodes,
which these jerks would be more directly assisting).

Mike Perry
Mad Computer Scientist
fscked.org evil labs
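
Added example, not part of the original message or of Tor's own tooling: a check for the "http-but-not-https" exit policies discussed above, run over port summaries in the `accept PORTLIST` / `reject PORTLIST` form used by the `p` lines of a Tor consensus. The relay names and policies are constructed sample data, and the function names are hypothetical.

```python
def parse_ports(spec):
    """Turn a port list such as '20-23,80,443' into inclusive (low, high) ranges."""
    ranges = []
    for part in spec.split(","):
        low, _, high = part.partition("-")
        ranges.append((int(low), int(high or low)))
    return ranges


def allows(summary, port):
    """Return True if a policy summary ('accept ...' or 'reject ...') permits port."""
    keyword, _, spec = summary.strip().partition(" ")
    if keyword not in ("accept", "reject"):
        raise ValueError("unknown policy keyword: %r" % keyword)
    listed = any(low <= port <= high for low, high in parse_ports(spec))
    # 'accept' lists the permitted ports; 'reject' lists the forbidden ones.
    return listed if keyword == "accept" else not listed


def http_without_https(summary):
    """True for a policy that exits to port 80 but refuses port 443."""
    return allows(summary, 80) and not allows(summary, 443)


def flag_candidates(relays):
    """Return the sorted nicknames whose policy is http-but-not-https."""
    return sorted(name for name, summary in relays.items()
                  if http_without_https(summary))


# Constructed sample data; these are not real relays.
SAMPLE_RELAYS = {
    "relayA": "accept 80",                            # plaintext web only
    "relayB": "accept 80,443",                        # both web ports
    "relayC": "reject 1-65535",                       # not an exit at all
    "relayD": "reject 25,119,135-139,443,445",        # 443 refused by a reject list
    "relayE": "accept 20-23,43,53,79-81,88,110,143",  # 80 reached through a range
}

if __name__ == "__main__":
    for name in flag_candidates(SAMPLE_RELAYS):
        print(name, SAMPLE_RELAYS[name])
```

The `reject` form matters as much as the `accept` form: relayD never names port 80, yet it still exits to 80 while refusing 443.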
