[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: reconsidering default exit policy

To: or-talk@xxxxxxxxxxxxx
Subject: Re: reconsidering default exit policy
From: Rod Begbie <rodbegbie@xxxxxxxxx>
Date: Wed, 16 Mar 2005 15:49:24 -0500
Delivered-to: archiver@seul.org
Delivered-to: or-talk-outgoing@seul.org
Delivered-to: or-talk@seul.org
Delivery-date: Wed, 16 Mar 2005 15:49:55 -0500
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:references; b=fOrL3S1mRcl5EU7MYgmZkDUao4fdhnyVj/ksw0D79FFfADE+tPBbO+3NnKAVlpc0qRMYzePdm2NKFPSAOnI6LFcPNZ4g7AZ/Edm9LcaRSgRT+4OioJf7J6fvB6yKg//DF5OKHbhbIlfrKXr8TrRgqW8OnRYwwLarg/0usYx3Kec=
In-reply-to: <20050316124710.GE21814@northernsecurity.net>
References: <20050311142943.GA21617@eecs.harvard.edu> <20050311194453.GN28567@eff.org> <20050311202453.GA22908@csail.mit.edu> <4232F544.6090502@pobox.com> <ee95cb32050312075217f4d19e@mail.gmail.com> <20050312160032.GA30293@northernsecurity.net> <ee95cb3205031408235bd2de20@mail.gmail.com> <20050314231358.GA2985@northernsecurity.net> <ee95cb3205031508567ac57efa@mail.gmail.com> <20050316124710.GE21814@northernsecurity.net>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 16 Mar 2005 13:47:10 +0100, Thomas Sjögren
<thomas@xxxxxxxxxxxxxxxxxxxx> wrote:
> #ExitPolicy reject *:80 # deny http, otherwise use the default
> policy  

That doesn't convey the *risk* involved in to the person running the
node.

Ignoring the theoretical complaints to your ISP that can come from
opening any port for exit...

Currently, there are (to my knowledge) four services that, due to
proxy abuse, use IPs to blacklist access:

* SMTP (blocked by default policy)
* Usenet (blocked by default policy)
* Web content systems (bulletin boards, wikis, blog comments, etc)
* IRC

Not warning a user in (metaphorical) BIG FLASHING LETTERS that
running as a tor Exit node in its default setting can cause them to
get blocked from the last two is, IMO, a colossal mistake that will
cause disgruntlement towards the Tor project.

If people understand the risk, they can feel free to take it to
further the goals of the project.  But asking people to take this
risk without warning is, in my opinion, a foolish and selfish thing
to do.

DMCA Safe Harbor rules may reduce the risk of getting kicked off your
ISP, but the fact that my Mac at home is in the Wikipedia block list
is not something I'm too happy about.

Rod.

- -- 
:: Rod Begbie :: http://groovymother.com/ ::

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBQjibzTf2HVyMgMNfEQKmHgCdFNZxmVHZ4/wZsIvPgefVa4rurOoAoJAB
nqgaJxk+bYBAiUXjNGfR9CHB
=Yu4I
-----END PGP SIGNATURE-----

Follow-Ups:
- Re: reconsidering default exit policy
  - From: Thomas Sjögren

References:
- Re: reconsidering default exit policy
  - From: Geoffrey Goodell
- Re: reconsidering default exit policy
  - From: Chris Palmer
- Re: reconsidering default exit policy
  - From: Jonathan D. Proulx
- Re: reconsidering default exit policy
  - From: Valient Gough
- Re: reconsidering default exit policy
  - From: Rod Begbie
- Re: reconsidering default exit policy
  - From: Thomas Sjögren
- Re: reconsidering default exit policy
  - From: Rod Begbie
- Re: reconsidering default exit policy
  - From: Thomas Sjögren
- Re: reconsidering default exit policy
  - From: Rod Begbie
- Re: reconsidering default exit policy
  - From: Thomas Sjögren

Prev by Author: Re: reconsidering default exit policy
Next by Author: (FWD) privoxy.tor: Script control privoxy's tor.
Previous by thread: Re: reconsidering default exit policy
Next by thread: Re: reconsidering default exit policy
Index(es):
- Author
- Thread