[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-talk] Thoughts on proxy setup wrt insecure connections
After the whole discussion about "gatereloaded" and "badexits" I was
thinking a bit about the discussion and wondering if there is a way to
add a bit more protection to people who are, well, newbs. As one article
"many who use Tor mistakenly believe it is an end-to-end encryption
tool. As a result, they aren't taking the precautions they need to take
to protect their web activity. "
This is a similar, but not exactly the same problem. Clearly blocking
all port 80 would be pretty harmful to a lot of use. However, for
protocols like pop3 or imap, the case for allowing them is clearly not
as strong, though, the case for banning them completely or requiring
exit nodes to carry both is... pretty dubious (especially given that
some people will run things on non-standard ports anyway).
So here is my thought, what do people think of a configuration item in
tor, setup to be "on" by default, which blocks attempts to go to certain
ports at the proxy level, but allows users to turn this "protection" off
if they wish to? Maybe make the list of blocked ports configurable.
Logically, this doesn't present the same problems as differing lists of
failed exits, as a router blocking access to a port directly through its
socks proxy is going to be indistinguishable from one that is just not
making such connections in the first place.
It also means that I have less of a chance of accidentally leaking a
password because I was setting up a new email client and hit "apply" (or
whatever) before I turned on SSL, and it tried to go get my mail.
Could have it log, and have vidalia look explicitly for those messages
in the logs and pop up a message "It seems you are trying to access
insecure data ports...."
I will note, polipo already does this.... I found this out when I
decided to be cute and try running a web service on a hidden service on
port 1 for shits and giggles.
tor-talk mailing list