
Re: Safe destinations



Quoth Gregory Maxwell <gmaxwell@xxxxxxxxx>, on 2009-07-02 23:12:23 -0400:
> There are many people who would like to run tor exits but who don't
> because of the inevitable flood of abuse complaints.
> 
> At the same time, there are a great many high traffic destinations on
> the internet which have little to no complaint potential because they
> are effectively read-only or are otherwise understood to be
> tor/anonymity friendly.
> 
> Examples include most news sites, virtually all CDN services (used to
> distribute images by large sites), freenode IRC,

Last I checked freenode specifically bans regular connections from Tor
exits, including from ones that don't exit to them, and in fact I
think from all relays though I'm not as certain about that.  They
require that you switch to the hidden service or else do some kind of
wonky registration.  Their network is now on my list of places never
to connect again because of this.

> How awful would it be to create a community managed list of 'safe
> destinations' distributed by the directory servers as a single object
> which exit operators could include in their exit policies and
> further refine with local rules?

My initial impulse would be to allow end sites to declare that they
are willing to receive connections via Tor.  Using DNS records, for
instance, of a style like:

  _toraccept.example.net TXT "toraccept1: 80,443,6667,9000,7777,9999"
    (and/or)
  _toraccept.23.2.0.192.in-addr.arpa TXT "toraccept1: 5234,5269,11000-11999"

Obviously you could include other information about which nodes should
try to exit there, or other such stuff.

Problems with this:

  - It seems to require considerable changes to the design of exit
    node selection, but I don't understand that well enough to know
    in detail.  That's potentially a deal-breaker.
  - The DNS queries allow for more explicit distinguishment of Tor exit
    traffic from other unrelated traffic, since the latter will never
    see the requests for _toraccept records.  There are forms of
    obfuscation that could alleviate this.
  - End sites who would be willing but don't care won't spend the energy
    to add the records, so you'd still have to supplement it with some
    other list forms if you wanted to have serious Internet coverage.

   ---> Drake Wilson
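The sketch above leaves the `toraccept1:` value format and the `_toraccept` owner-name convention as a proposal only. The following is an added example, not code from the post or from Tor, showing how an exit operator's tooling could parse such records and answer "does this destination opt in on this port?". It assumes the syntax exactly as the two sample records show it (a comma-separated list of ports or `low-high` ranges after the `toraccept1:` prefix), assumes the reverse-DNS owner name is built from the standard `in-addr.arpa` form, and substitutes a constructed dictionary for real DNS answers so it runs offline; every function name here is hypothetical.

```python
import ipaddress
import re

# Constructed stand-in for DNS TXT answers, keyed by owner name. These are not
# real records; the two values mirror the examples from the post.
SAMPLE_TXT = {
    "_toraccept.example.net": "toraccept1: 80,443,6667,9000,7777,9999",
    "_toraccept.23.2.0.192.in-addr.arpa": "toraccept1: 5234,5269,11000-11999",
}

PREFIX = "toraccept1:"                      # version tag, as in the proposal
_PORT_ITEM = re.compile(r"^(\d{1,5})(?:-(\d{1,5}))?$")  # "80" or "11000-11999"


def owner_name_for_host(hostname):
    """Owner name of the (hypothetical) record for a DNS hostname."""
    return "_toraccept." + hostname.strip(".").lower()


def owner_name_for_ip(ip_text):
    """Owner name for an IP literal: the reverse-DNS label under the prefix.
    ipaddress gives '23.2.0.192.in-addr.arpa' for 192.0.2.23; raises ValueError
    when ip_text is not an IP address at all."""
    return "_toraccept." + ipaddress.ip_address(ip_text).reverse_pointer


def parse_toraccept(txt):
    """Parse a 'toraccept1:' TXT value into a sorted list of (low, high) ranges.
    Returns None for a wrong version or any malformed item, so an unusable
    record is treated the same as no record (fail closed)."""
    if txt is None or not txt.startswith(PREFIX):
        return None
    ranges = []
    for item in txt[len(PREFIX):].split(","):
        item = item.strip()
        if not item:
            continue
        m = _PORT_ITEM.match(item)
        if not m:
            return None
        low = int(m.group(1))
        high = int(m.group(2)) if m.group(2) else low
        if not 1 <= low <= high <= 65535:
            return None
        ranges.append((low, high))
    return sorted(ranges) if ranges else None


def port_accepted(ranges, port):
    """True if port lies inside one of the parsed ranges."""
    return any(low <= port <= high for low, high in ranges)


def lookup(owner_name, resolver=SAMPLE_TXT):
    """Fetch and parse the record via an injected resolver (a dict here; a real
    deployment would plug in a DNS client returning the TXT string)."""
    return parse_toraccept(resolver.get(owner_name))


def destination_accepts(dest, port, resolver=SAMPLE_TXT):
    """Does destination `dest` (hostname or IP literal) opt in for `port`?
    Absent or malformed records mean 'no', matching the post's point that
    sites who never publish a record gain nothing from this scheme alone."""
    try:
        name = owner_name_for_ip(dest)
    except ValueError:
        name = owner_name_for_host(dest)
    ranges = lookup(name, resolver)
    return ranges is not None and port_accepted(ranges, port)


if __name__ == "__main__":
    for dest, port in [("example.net", 443), ("example.net", 22),
                       ("192.0.2.23", 11500), ("192.0.2.23", 12000),
                       ("example.org", 80)]:
        print(dest, port, destination_accepts(dest, port))
```

The resolver is injected so the parsing and policy logic can be exercised against canned records, and so that a real DNS client can be swapped in without touching the parser. Parsing is strict on purpose: a record with a port above 65535, an inverted range, or an unknown version yields `None`, which `destination_accepts` reads as "not opted in", rather than partially honouring a record the publisher may have mistyped.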