[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

RE: How do we defeat exit node sniffing?

Title: Message
I think you could make a case for trusting 1 or a handful of exit nodes, and use ExitNodes abc and StrictExitNodes 1 to make sure you only use those for sensitive authentication connections like you are asking about.
For example, do you think blutmagie is sniffing?  When it is trusted as a V2 and Hidden Service Directory Authority?
Or BostonUCompSci?  It would be kind of embarrassing to Boston University wouldn't it, if they were found to be sniffing?
It is probably too much to expect at this point, though, that a list of trusted exit nodes will be publicly compiled.  I think you have to do your own investigations and come up with your own list.
-----Original Message-----
From: owner-or-talk@xxxxxxxxxxxxx [mailto:owner-or-talk@xxxxxxxxxxxxx] On Behalf Of defcon
Sent: June 5, 2008 6:36 PM
To: or-talk@xxxxxxxxxxxxx
Subject: Re: How do we defeat exit node sniffing?

so what do you all suggest if I must authenticate to a non ssl connection?  How do I do it anonymously and safely?

On Thu, Jun 5, 2008 at 5:37 PM, Christopher Davis <loafier@xxxxxxxxx> wrote:
On Thu, Jun 05, 2008 at 05:01:34PM -0700, defcon wrote:
> What are some good ways to defeat exit node sniffing?  Is there a listing of
> good exit nodes that do not sniff?
> Thanks,
> defcon

Prefer TLS-enabled services, and mind the authenticity of server certs.
Or use Tor hidden services.

Christopher Davis