Hi all, thanks a lot for your answers. I did some additional reading and now have a vague idea how tor exit enclaving works. As far as I understand, enclaving doesn't break tor anonymity and privacy. Quite contrary to this, anonymity may be even enhanced by it (https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TorFAQ#WhatisExitEnclaving). On the other hand, there are still some points coming up with the post of Eugen that remain unclear to me: 1. Eugen is posting this text from http://www.gabrielweinberg.com/blog/2010/08/duckduckgo-now-operates-a-tor-exit-enclave.html without any comment to this mailinglist. This blog enrtry looks alot like an adveritsment to me. Eugens intentions are hidden. So perhaps he is connected to duckduckgo.com in some way or perhaps he is not. 2. Why is it offering HTTP If duckduckgo.com really cares for the anonymity and privacy of its users, why do they offer unencrypted HTTP? Even if tor users are encouraged to use HTTPS, some of them will forget doing so. 3. "This site requires JavaScript." In my opinion this point is the worst: When I entered https://duckduckgo.com with NoScript enabled (my default) I can read the message "This site requires JavaScript." just below the search box. So duckduckgo.com wants its user to turn on java script. But with java script enabled your anonymity is nearly switched off. Perhaps duckduckgo.com's primary intention is not offering anonymous services. Probably they just want to offer another alternate search engine. And perhaps they just think offering a tor enclave is a nice addon. So perhaps in conclusion, they didn't think much about anonymity and privacy. I don't know it. But why was this ad posted to the tor mailinglist? just my 2c, Michael -- Michael Scheinost michael@xxxxxxxxxxxxx Jabber: m.scheinost@xxxxxxxxxxxxx GPG Key ID 0x4FF8E93B
Attachment:
signature.asc
Description: OpenPGP digital signature