[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] TorBirdy doesn't work with Gmail?

Thanks for the explanation. For now we're in the middle of including the
blutmagie list. But yes, switching off the entire system if there's
evidence of recent Tor usage is an alternative approach we should consider.

On Fri, Jun 7, 2013 at 1:42 PM, tagnaq <tagnaq@xxxxxxxxx> wrote:

> Hash: SHA512
> > The issue is that we're scraping
> > http://exitlist.torproject.org/exit-addresses and, for example,
> > does not appear in that list. However, it is listed on
> > torstatus.blutmagie.de and apparently it is exiting traffic.
> I suppose it is a timing/delay issue since is included in
> the current version of
> http://exitlist.torproject.org/exit-addresses
> now.
> > I am not sure how such confusion can arise. Doesn't Tor rely on
> > centralised directory servers to find exit nodes? Why would a node
> > appear in one list but not another? Is it expected that the
> > official exit list is incomplete?
> Generally speaking you can never say that a user that is coming from
> an IP address that is *NOT* listed as an exit node is *NOT* coming
> through Tor.
> This is because Tor exit relays might use separate IP addresses on
> inbound and outbound traffic.
> The inbound address is announced and can be found in the consensus but
> the outbound traffic (the one gmail.com will see) is not necessarily
> the one that can be found in the consensus if a server is specifically
> configured to do so or if he is behind a NAT.
> So I would suggest to allow *ANY* IP address as soon as you know that
> the actual user specifically opted-in to be a "Tor gmail user" (if the
> user completed one of your two options described) - any other approach
> will only mean trouble for Tor users on the long run.
> thanks for bringing this up here!
> tagnaq
> iF4EAREKAAYFAlGxxyoACgkQyM26BSNOM7YowwD/bGtkC3mxu1GCackp3r/LoUqq
> Ctk1q0OqIsEJ7Hd73Y4A/AqlPAtppZqdgNucIDd4A00eBr6JoAAWRHNod2xtwlHS
> =zgs2
tor-talk mailing list