[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: DuckDuckGo now operates a Tor exit enclave

On Sat, Aug 14, 2010 at 12:19 PM, morphium <morphium@xxxxxxxxxxxxx> wrote:
>> An "exit enclave" is when a service operates a Tor exit node with an
>> exit policy permitting exiting to that service. Tor will automagically
>> extend circuits built to that host from three hops to four, such that
>> your traffic will exit on localhost of the service you are intending to
>> use. This means that users will use DDG's node when building circuits
>> that terminate at duckduckgo.com or whatever.
> Oh cool, so I declare my Tor exit node as an enclave for
> emailProviderNotUsingHTTPS.com and can get a lot of passwords?
> Thats easy!
> I hope enclaves in that sense don't exist! I hope thats a
> misunderstanding! Such a thing would be pretty bad!

Why don't you search the archives? The exit enclave functionality has
been discussed many times.  It only happens when the service the user
is connecting to and the exit have the same IP.

Moreover, the attack you're describing already existsâ though I don't
know if I should encourage people shove beans up their noses by going
into the details here.
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/