[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Tor Geolocating exit nodes.



If your goal is to choose an exit specially to minimize risk of it being run by a malicious actor, it seems choosing exits run by orgs you trust would be better than choosing based on where someone is hosting a server.

But yes, you can choose exits by country.  I'm not saying it's a good idea or that hard choosing exits in any fashion is good for the network. (It's not.)

http://www.2byts.com/2012/03/09/how-to-configure-the-exit-country-on-tor-network/
http://tor.stackexchange.com/questions/733/can-i-exit-from-a-specific-country-or-node

-tom

On Jun 18, 2014 1:41 AM, "JP Wulf" <wulf.jp@xxxxxxxxx> wrote:

So Griffin Boyce is canvasing for some input to improve Tor, specifially for Journalists.
https://twitter.com/abditum/status/479052228138119168

1. It is known that various actors are trying to compromise Tor comms by establishing
own exit nodes. With enough nodes, they can break Tor (see slides).

2. Idea: Is it possible to allow the end user to determine the geo-location (with various degrees of fine tuning from hemisphere, through continental, to top country domain to regional?
(I have NFI about the inner workings of TOR protocol and new work on it)

For example. Say a journalist in Russia is using Tor, s/he declares in their tor client, that they only want to use exit nodes in South America and Australia. Thus minimising the chance the nodes are owned.

This geolocation could perhaps be used to validate the integrity of the nodes (how I dont know, maybe by establishing TOR honeypots that can only be compromised through traffic through a compromised (owned) exit node).

Risk:
This is a rats nest, because if implemented incorrectly it may allow hostile actors to direct exit nodes to those that are owned.

Thanks for reading my fiction. Maybe its useful in the light of what Griffin is asking about.


--
JP Wulf
Problem Solution Engineering
http://nomeonastiq.com/

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev