--- On Wed, 2/18/09, slush <slush@xxxxxxxx> wrote:
> > Yes, but exit nodes already no where your traffic is
> > going (and on which port), middle and entrance nodes do not.
> You probably mean "exit nodes already know"?
Yes, wow my English was pretty poor in that post, sorry. ;)
> > If they did, it would defeat the purpose of tor I
> > believe.
> Of course, middle nodes have no idea about data they are
I guess I misunderstood you, sorry. It sounded like you
were suggesting that middle nodes treat such data
differently. I guess you were only referring to exit
> There isn't any relation between "type of traffic" (port) and user. Exit
> nodes don't know this relation - and it is the purpose of Tor. But exit
> nodes know the target IP/port (it is used in the ExitPolicy construct) and I
> think it can be handful to support also prioritization. With same reason as
> ExitPolicy. It is technically possible and I don't see any security issue
> with that.
Makes sense, if you are suggesting to add prioritization
to exit nodes only. Additionally, I would suggest that
per port (and even destination IP) rate limiting (instead
of prioritization) would be more useful in some cases.
For example, prioritization would be good for bittorrent
since it is primarily considered abusive to the tor
network, but may well not (opinions on this vary surely)
be used to abuse services outside of tor. Thus, if the
bandwidth is there, why not let tor transport such
traffic since it would not then be hurting tor?
On the other hand, email is an example where perhaps rate
limiting would be a better solution, since spammers may
use tor to abuse people outside of tor even if there is
plenty of bandwidth in the tor network. As much as I
hate SPAM, it always bothered me that the default exit
policy (for good reason) prohibits the use of port 25.
Since there are very good legitimate reasons to want to
email anonymously, a very low bandwidth rate for email
might still make it usable for emailing anonymously but
not for SPAM.
Today, if you want to use tor for email you are probably
severely limiting your exit node choices which means
that you may be compromising your anonymity. Yet, there
may still be some high bandwidth exit nodes which allow
port 25 making it useful for spammers but not for
other anonymity seekers!
With rate limiting, you could make the default exit
policy extremely bandwidth restrictive for port 25,
but yet still open. This would mean that anonymity
would potentially be improved without making tor more
attractive to spammers. In fact, overall port 25
bandwidth could even potentially be decreased in the
tor network without detracting from email anonymity.
In other words, from an anonymity standpoint, it
seems like you would ideally want all exit nodes
to open up every port, even if they drastically
rate limit the 'evil'/abuse oriented ports?
This way if you have to use a service on the evil
port, you can still do it without sacrificing
anonymity (by being severely limited in your exit
node selection), but you may have to suffer a
very slow connection making abuse less likely.
If you are really creative (and desperate) ;) you
could probably already achieve port rate limiting
by just running several exit nodes with different
exit policies and bandwidths. And prioritization
and rate limiting could probably both be achieved
by adjusting the bandwidth and CPU of the
nodes with some OS parameters, i.e. nice+20 for
CPU and other mechanisms for network usage.
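To make the per-port rate-limiting idea discussed above concrete, here is an added illustration (my own sketch, not Tor code and not anything the thread proposes): a token bucket per destination port, with a constructed policy that leaves port 25 open but throttles it to 2 KB/s while other ports get 500 KB/s, run over a constructed 10-second stream of 1 KiB chunks.

```python
from collections import defaultdict

# Hypothetical per-destination-port bandwidth policy for an exit relay,
# in bytes per second; "*" covers ports not listed. Constructed values
# for this example, not Tor defaults.
PORT_RATE = {25: 2_000, 6881: 20_000, "*": 500_000}
BURST_SECONDS = 1.0  # bucket depth = rate * BURST_SECONDS


class PortBucket:
    """Token bucket for one destination port; tokens are bytes."""

    def __init__(self, rate):
        self.rate = rate
        self.capacity = rate * BURST_SECONDS
        self.tokens = self.capacity
        self.last_ms = 0

    def allow(self, now_ms, nbytes):
        # Refill in proportion to elapsed time, capped at the burst depth.
        refill = (now_ms - self.last_ms) * self.rate / 1000
        self.tokens = min(self.capacity, self.tokens + refill)
        self.last_ms = now_ms
        if nbytes <= self.tokens:
            self.tokens -= nbytes
            return True
        return False


def rate_limit(stream, policy=PORT_RATE):
    """Apply per-port limits to (time_ms, dst_port, nbytes) events.

    Returns {port: (bytes_forwarded, bytes_deferred)}. Deferred bytes are
    what a real relay would queue, not drop: the stream stays usable for a
    low-volume sender but is far too slow for bulk abuse."""
    buckets = {}
    stats = defaultdict(lambda: [0, 0])
    for t_ms, port, n in stream:
        if port not in buckets:
            buckets[port] = PortBucket(policy.get(port, policy["*"]))
        idx = 0 if buckets[port].allow(t_ms, n) else 1
        stats[port][idx] += n
    return {p: tuple(v) for p, v in stats.items()}


def constructed_stream():
    # Constructed sample: 10 s of traffic, one 1 KiB chunk every 10 ms to
    # port 25 (SMTP) and to port 80 (HTTP), i.e. ~100 KB/s per port.
    return sorted((10 * i, port, 1024) for i in range(1000) for port in (25, 80))
```

With this policy the port 80 flow passes untouched, while the port 25 flow is held to roughly rate times duration plus one burst (21 of the 1000 chunks get through within the 10 seconds).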