[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Is "gatereloaded" a Bad Exit?

Thus spake tor@xxxxxxxxxxxxxxxxxx (tor@xxxxxxxxxxxxxxxxxx):

> > But don't worry, at some point Mr. Blow et al will realize that their
> > packet captures stopped grabbing passwords and are only seeing
> > encrypted middle and guard node traffic. They'll probably show up
> > then, proclaiming their innocence from the rooftops, demanding they be
> > allowed to "help" the network.
> The above may or may not be true. Would be nice to see some evidence. Or
> at least some evidence of somebody trying to find the truth.

The truth here is that these nodes are not behaving in a way that
encourages trust in their usage. All we ask is that they adjust their
exit policies to allow encryption, but there is no way to ask them
this, so they are badexited until such time as there is a way to
communicate with them. They will remain valid middle and guard nodes
until they rekey with policy supporting encryption (and the Exit

> > But do feel free to spend your time going above and beyond, trying to
> > track our 4 heroes down before then. I'm sure they're well worth your
> > time and effort to outreach. Pick a nice Saturday afternoon and spend
> > it calling ISPs and NOCs trying frantically to get in touch with our
> > unjustly punished martyrs here... Heck, take a day off work!
> Do you find that being condescending is a good way to get people to
> agree with you? I tend to find it fosters disrespect.

You're right. I apologize for my tone to you. 

I am merely frustrated with the amount of mental energy devoted to
what so plainly appears to me as a simple policy: If you carry the
unencrypted version of the service, you should carry the encrypted
version. I am just getting frustrated with the length of this thread
and still the lack of any valid, rational reason why this policy
itself is an unjust one.

It seems pretty plain to me that we're actually worried about offending
the sensibilities of people who for some unknown (but rationally
obvious) reason refuse to carry encrypted exit traffic.

So the idea that we should devote yet more effort to catering to
people whose motivations are extremely suspect (and who seemingly have
no real interest in being members of our community) is causing me to

> >> Exit bandwidth is a scarce and valuable resource, and should be treated
> >> as such.
> > 
> > It's not true exit bandwidth here. It's janky bandwidth with lots of
> > bad properties, such as the tendency to break mixed-mode websites as
> > Curious Kid pointed out, and the load balancing issues I mentioned. We
> > should do the same for all http-but-not-https exits for this reason.
> If exiting port 80 but not port 443 causes problems for Tor, then Tor
> should be updated so you can't offer one without the other. This is a
> problem with Tor, not with Tor exit operators.

Sure. Perhaps we will include such a patch as part of
https://trac.torproject.org/projects/tor/ticket/2395. Or, perhaps it
will just be a second-order effect that means you're just not used as
often because you're not a true Exit (which is already the case for
these nodes to some extent).

But again, I think this is more of a long-term idea.

In the meantime, we can enforce this policy with code on the exit
scanning end, by emailing everyone with valid contact info who exits
to 80 but not 443, to start (as that is the most obviously broken

Mike Perry
Mad Computer Scientist
fscked.org evil labs

Attachment: pgputG0AB0yFu.pgp
Description: PGP signature