RE: How do we defeat exit node sniffing?

To: or-talk@xxxxxxxxxxxxx

Subject: RE: How do we defeat exit node sniffing?

From: Wesley Kenzie <wkenzie@xxxxxxx>

Date: Thu, 05 Jun 2008 21:49:05 -0700

Delivered-to: archiver@xxxxxxxx

Delivered-to: or-talk-outgoing@xxxxxxxx

Delivered-to: or-talk@xxxxxxxx

Delivery-date: Fri, 06 Jun 2008 00:49:31 -0400

Importance: Normal

In-reply-to: <a45400c30806051835u75d46afcs1acd73ed1b3f33@xxxxxxxxxxxxxx>

Reply-to: or-talk@xxxxxxxxxxxxx

Sender: owner-or-talk@xxxxxxxxxxxxx

Thread-index: AcjHdbC3qrP0Yde9SoqgcZQZMLwoEAAGNDEg

Title: Message

I think you could make a case for trusting 1 or a handful of exit nodes, and use ExitNodes abc and StrictExitNodes 1 to make sure you only use those for sensitive authentication connections like you are asking about.

For example, do you think blutmagie is sniffing? When it is trusted as a V2 and Hidden Service Directory Authority?

Or BostonUCompSci? It would be kind of embarrassing to Boston University wouldn't it, if they were found to be sniffing?

It is probably too much to expect at this point, though, that a list of trusted exit nodes will be publicly compiled. I think you have to do your own investigations and come up with your own list.

Wesley

-----Original Message-----
From: owner-or-talk@xxxxxxxxxxxxx [mailto:owner-or-talk@xxxxxxxxxxxxx] On Behalf Of defcon
Sent: June 5, 2008 6:36 PM
To: or-talk@xxxxxxxxxxxxx
Subject: Re: How do we defeat exit node sniffing?

so what do you all suggest if I must authenticate to a non ssl connection? How do I do it anonymously and safely?

On Thu, Jun 5, 2008 at 5:37 PM, Christopher Davis <loafier@xxxxxxxxx> wrote:

On Thu, Jun 05, 2008 at 05:01:34PM -0700, defcon wrote:
> What are some good ways to defeat exit node sniffing? Is there a listing of
> good exit nodes that do not sniff?
> Thanks,
> defcon

Prefer TLS-enabled services, and mind the authenticity of server certs.
Or use Tor hidden services.

--
Christopher Davis