Re: Safe destinations

[Erik Heidt <erik.heidt@xxxxxxxxxxxxxxxx>]

Gregory -

I have been struggling with a similar question. I do not have an answer as to the perfect list of 'safe' sites (wikipedia is at the top of my list). But I have authored a bash script to turn a list of domains ( mail.google.com, wikipedia.com, etc.com) into rules....

The following script looks for a file called torTarget.txt, and for each FQDN it:

- Looks up the first ip on the DNS record

- Assigns port 80 by default

- If the word "mail" appears in the FQDN, then I assume that this is a webmail service and force port 443

- Adds google talk

The output needs to be placed in the torrc file by hand and replace any existing policies.

Here is the script:

#!/bin/sh

#

# If dig fails, try installing the dnsutils package

# e.g. sudo apt-get install dnsutils

#

echo 

echo "# Target List Generated `date`"

echo "#"

echo

cat torTargets.txt | sort -f | while read site

do

 if echo $site | grep -q "mail"

 then

  port="443"

 else 

  port="80"

 fi

 dig +short $site | sort | head -n 1 | while read ip

 do

  echo "ExitPolicy accept\t $ip:$port    \t# $site "

 

 done

done

echo

echo "ExitPolicy accept\t *:5222 \t# Google Talk"

echo

echo

echo "ExitPolicy reject    *:*"

echo

echo "# End of Exit Policy"

echo "#"

Cheers, 

Erik

On Thu, Jul 2, 2009 at 11:12 PM, Gregory Maxwell <gmaxwell@xxxxxxxxx> wrote:

There are many people who would like to run tor exits but whom don't
because of the inevitable flood of abuse complaints.

At the same time, there are a great many high traffic destinations on
the internet which have little to no complaint potential because they
are effectively read-only or are otherwise understood to be
tor/anonymity friendly.

[snip...]