[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] safety of exit nodes

> I have a concern regarding exit nodes in Tor. In my mind it is possible for
> an attacker to run a malicious exit server that gathers information at the
> exit point. Of course, this does not compromise anonymity per se, but it
> still can reveal sensitive data to malicious people. I think the JonDonym
> project handles this question better. To run a JonDonym exit server you need
> to be certified. Thus it is much harder to run a malicious JonDonym exit
> server. Why donÂt you offer better protection against malicious exit
> servers? I think safety of exit nodes is a serious concern.

What are you certifying? Against what? Monitored, protected and enforced
by what? Here is $1,000,000 and/or a baseball bat... you wouldn't mind
typing a few keystrokes for me or turning your head for a moment would
you now? Ahh, yes, thank you Mr. Exit, and a splendid friendship it is.

If you are concerned you may sample some exits, endeavour to review
their bona fides and then use one that meets your liking. You may even
form a project to wikify such reviews.

You should now understand why the Tor project cannot and will not
make such certifications, and why you should not trust JD's either.

[Off to recruit/deploy 10 more 'certified' employees/servers]
tor-talk mailing list