[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: getting more exit nodes

On Sunday 20 April 2008 12:32:19 Alexander Bernauer wrote:
> Hi
> The CCC local group Rheintal [1] is currently working on a solution to
> get much more Tor exit nodes which we think is a major problem of Tor.
> The basic idea is to develop a browser plugin which while active turns
> the computer into both an Tor client and a Tor exit node. The target
> group is a Windows XP or Vista user with almost no technical skills but
> fear of pop-ups asking strange things. We are experienced in providing
> and promoting security software to them [2] and we beliefe that this
> solution will be accepted and widely used.
> To get the software done I would like to discuss the technical aspects
> here.
> The bigest problem we see are those personal firewalls which prevent
> running a normal Tor server. Therefore this machine needs to open a
> client connection. That's why we call it a client-exit node.
> So we need some servers for the client-exit nodes. This nodes we call
> pseudo-exit nodes. The reason for this is that Alice selects this node
> as exit node for its circuit but the traffic gets routed to the
> client-exit node. So the pseudo-exit node doesn't appear in the server
> logs.

This is an interesting idea - I submitted a proposal with broadly similar aims a 
little while ago. Though the approach was completely different.

I suggest you write the idea up using the proposal format and post it to or-dev. 
That process will help you consider the security/anonymity implications of what 
you're suggesting. It will also reveal if there are any tricky implementation 
issues that need working out.

A couple that occur to me:

- Client traffic is being routed through an exit node that was not explicitly 
chosen by the client. Does this have any unintended consequences for anonymity?

- Should pseudo-exits mark themselves as vanilla exits, or as something else?

- What exit policy should they advertise?

- How do the client-exits authenticate themselves to the pseudo-exit? Do they 
upload descriptors to the authorities?

> This means that every Tor node can become a pseudo-exit node without any
> additional law enforcement risks. Given that all Tor nodes are
> pseudo-exit nodes a client-exit node would select a Tor node at random
> and connect to it. As soon as a pseudo-exit node has at least one
> connection to a client-exit node it registers itself at the directory
> server as a normal exit node. From now on everything goes the normal way
> except that the pseudo exit nodes passes the traffic which would
> normally go out of the Tor network to the client-exit node.
> This is the basic idea. I'm sure there are technical aspects we missed
> or assumptions which are wrong. So I would appreciate if you could point
> us on them.
> We tried hard to find a solution which would not require patching
> existing Tor nodes. But we didn't find any. Maybe we do in this
> discussion.
> [1] http://ulm.ccc.de/Rheintal
> [2] http://www.dingens.org
> regards

Attachment: signature.asc
Description: This is a digitally signed message part.