[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Opt-Out Lists: Useful Feature?

On Wed, Feb 09, 2005 at 11:16:47AM +0100, Matthias Fischmann wrote:
> bugmenot.com has this in their faq:
> > Q: Are you going to bankrupt my paid content service?
> > A: See above. If you are losing sleep over this then email the url and
> > we'll add your site to the "automatically blocked" list.
> I was wondering whether tor should have something like that on the eff
> pages.  It should be easy enough to extend the configuration file
> language to something like
> ExitPolicy whitelist file:/etc/tor/these_are_my_friends.txt
> ExitPolicy blacklist https://tor.eff.org/google_groups_and_such.txt
> ExitPolicy blacklist https://tor.eff.org/opt-out_sites.txt
> The first one is merely syntactic sugar to what already is there,
> while the other two are a little different.  Every operator would
> still be free to pick any policy.  But it doesn't seem much of an
> effort to implement it to me, and it would be considerably faster to
> propagate flawed sites.  Also, overall hostility towards the project
> would be reduced by making an effort to be nice even to people who
> don't understand internet identity management.
> On the downside, it would centralize policy at least to some extent,
> block sites that may otherwise be too lazy to protect themselves
> manually, and of course opt-out lists aren't very likely to be honored
> on all tor nodes anyway.  I don't know, just an idea.

Another down side is that we'd need some way to keep people from
opting out *other* sites -- effectively DoSing them. Plus, as you say,
a centralized point of control (never good from a legal perspective)
endangers anonymity since we can with short notice influence the set of
sites a given user might be exiting from.

Also, it's not clear how services would realize that Tor is doing the
connections. How does this work for bugmenot? Anonymous remailers can
put notices in the mail headers ("this is an anonymous remailer, mail
this address for abuse problems"), but since Tor abstains from knowing
about the application-level protocols, this seems hard in the general

One other thing that's been bothering me is that the directory grows
as exit policies get increasingly complex. That is, we try to describe
each exit's planned actions in the directory, so the client can predict
which nodes will allow his requests. We might try to describe the exit
policy in broad strokes in the directory, and then clients will keep
trying likely exits until one works; but this increases latency, and
nobody seems to like that.

You're right, nodes with liberal exit policies ("liberal" meaning allowing
port 80, which carries pretty much every protocol these days) are going
to keep having problems until we figure out a more fine-grained solution
for this. Hm.