
Re: [tor-talk] Is "gatereloaded" a Bad Exit?

     This bounced, thanks to there having been no alias installed at
freehaven.net to forward or-talk@xxxxxxxxxxxxx followups to
tor-talk@xxxxxxxxxxxxxxxxxxxxx  :-(  I edited a few words before this repost,
but did not change anything important, so I haven't copied Justin in on it
this time.  I imagine he will see it on the new list anyway.
     On Mon, 14 Feb 2011 14:17:45 -0500 "Aplin, Justin M" <jmaplin@xxxxxxx>
>On 2/14/2011 7:48 AM, grarpamp wrote:
>> If another example is needed, not that one is; Corporate, edu and
>> other LANs sometimes think they can block 'ooo, encryption bad'
>> ports so they can watch their users' plaintext URLs with their
>> substandard vendor nanny watch tool of the day. All the while their
>> staff laughs at them as they happily tunnel whatever they want over
>> that (perhaps even the client or exit parts of Tor). Yes, this kind
>> of joke exists :)
>Although I've been keeping out of this argument for the most part, and 
>even though I'm leaning towards seeing things Mike's way, I just wanted 
>to comment that I've actually been in an environment like this several 
>times, once at my previous university, and once working for a local 
>government organization. As asinine as such reasoning is on the part of 
>the network administrator (or the person who signs their checks), I can 
>see why the *ability* to run strange exit policies could be a good 
>thing, and should be preserved in the software.

     Not only that, but Mike's threat to force unencrypted ports to be
paired with encrypted ports in exit policies would defeat those of us who
might well be willing to allow encrypted exits but not unencrypted exits,
say, for hassle-prevention reasons.  Until I ran afoul of Comcast's bait-
and-switch marketing, I used to allow exiting on 443, but restricted exiting
on 80 to a limited list of destinations that I felt reasonably sure would
not cause me grief.  Mike's policy would reduce the supply of exit nodes
offering 443 and possibly other encrypted ports.

>However, I see no reason why providing an anonymous contact email would 
>be so hard. Certainly if you're going out of your way to avoid [insert 
>conspiracy of choice] in order to run a node, you have the skills to use 
>one of the hundreds of free email services out there? I don't think 

     I see.  Why not separate the contact issue from the exit policy issue
by simply flagging every exit node lacking contact information as a BadExit?
Of course, that will require some poor sucker to attempt to review every
exit's contact information to verify its validity because, at present, one
can put just about any garbage into the ContactInfo line.  At least that
would leave operators free to choose whatever exit policy worked for them.

>asking for a tiny bit of responsibility on the part of exit operators is 
>too much to ask, and I'm amazed that "allow them to continue to function 
>as middle nodes until they explain why their node appears broken or 
malicious" is continually being turned into some kind of human-rights 

     That's news to me.  What I saw was a unilateral decision, accompanied
by a threat of further such decisions, made by a single tor developer in
contradiction to the tor documentation and a policy/feature selling point
for running tor exit nodes that is made both in the documentation and on the
project's web site.  There has already been, you may have noted, a contrary
opinion posted here by another tor developer.  That means the development
team did not have a consensus view at the time of that response.  It will be
interesting to see whether those are the only two factions among the team and,
in any case, which faction will ultimately prevail.

                                  Scott Bennett, Comm. ASMELG, CFIAG
* Internet:       bennett at cs.niu.edu                              *
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
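
The kind of exit policy described in the message above (443 open to any destination, 80 limited to a short destination list), written as torrc `ExitPolicy` lines and checked with a small first-match evaluator. This is an added example, not part of the original post: the destination addresses are constructed documentation-range values, and `parse_policy` and `exit_allowed` are hypothetical helper names.

```python
import ipaddress

# Constructed torrc lines: 443 to anywhere, 80 only to listed destinations.
# The addresses are documentation-range placeholders, not from the post.
TORRC = """\
ExitPolicy accept *:443
ExitPolicy accept 192.0.2.10:80
ExitPolicy accept 198.51.100.0/24:80
ExitPolicy reject *:*
"""

def parse_policy(torrc_text):
    """Parse one-rule-per-line IPv4 ExitPolicy entries into ordered rules."""
    rules = []
    for line in torrc_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[0] != "ExitPolicy":
            continue  # not a single-rule ExitPolicy line
        action, pattern = parts[1], parts[2]
        if action not in ("accept", "reject"):
            raise ValueError(f"unknown action: {action}")
        addr, _, port = pattern.rpartition(":")
        # "*" matches any address; a bare address becomes a /32 network.
        net = None if addr == "*" else ipaddress.ip_network(addr, strict=False)
        if port == "*":
            lo, hi = 1, 65535
        elif "-" in port:
            lo, hi = (int(p) for p in port.split("-"))
        else:
            lo = hi = int(port)
        rules.append((action, net, lo, hi))
    return rules

def exit_allowed(rules, dest_ip, dest_port):
    """Exit policy rules are checked in order; the first match decides."""
    ip = ipaddress.ip_address(dest_ip)
    for action, net, lo, hi in rules:
        if (net is None or ip in net) and lo <= dest_port <= hi:
            return action == "accept"
    # The sample policy ends in reject *:*, so nothing falls through;
    # this sketch refuses anything that matches no rule.
    return False

if __name__ == "__main__":
    policy = parse_policy(TORRC)
    for ip, port in [("203.0.113.5", 443), ("192.0.2.10", 80),
                     ("203.0.113.5", 80)]:
        print(ip, port, "accept" if exit_allowed(policy, ip, port) else "reject")
```
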