
Re: AN idea of non-public exit-nodes

     On Wed, 25 Nov 2009 12:21:39 -0500 Gregory Maxwell <gmaxwell@xxxxxxxxx>
>On Tue, Nov 24, 2009 at 8:05 PM, Ted Smith <teddks@xxxxxxxxx> wrote:
>> On Tue, 2009-11-24 at 19:49 -0500, Roger Dingledine wrote:
>>> See especially point #1: "even if we didn't tell clients about the list of
>>> relays directly, somebody could still make a lot of connections through
>>> Tor to a test site and build a list of the addresses they see."
>>> I guess we could perhaps add support for configuring your own secret
>>> exit node that your buddy runs for you. But at that point the anonymity
>>> that Tor can provide in that situation gets pretty fuzzy.
>> It's like a bridge, but for exits. They would probably have to be a lot
>> less friend-to-friend than bridges, but it might still be doable. I
>> think this is what the original poster meant, anyways.
>So non-disclosed bridges work because the entrance node always knows who
>you are, so having to arrange something with someone doesn't disclose
>much more information. It doesn't disclose where you are going.
>In the case of an exit, the exit knows where you're going but not who you are.
>If you must arrange for access to the exit then the exit gets the opportunity
>to learn who you are.  Once the exit knows who you are then the whole purpose
>of tor is defeated.

     That's not how bridges work now, so your argument isn't applicable.
One finds out about bridges by getting them from a server, three at a time.
The same or some similar method could be used for exit bridges as well.
It's true that that does leave open the possibility that the operator of
the bridge info server were corrupt, but there is at least one way to reduce
that threat:  list a large number of exit bridges in one's torrc file.
     There is, though, a potential operational problem, and that is how to
let the typical user know that an exit bridge is no longer usable.  I'm not
sure how tor currently handles unreachable entry bridges listed in torrc,
so I don't know how big or small a problem this might be.  (I'm not a bridge
user--so far.)
>I can imagine a couple of possible cryptographic methods which would make a
>private exit unusable until there is a sufficiently large clique of people
>who could use the exit... but everything I can think of would be highly
>vulnerable to attack by setting up additional conspiring nodes.
>It seems to me that the cases where a private exit would be useful could
>be equally served by running a separate tor network.

     You are prepared, I suppose, to establish a separate network that is
as large as the current one?

                                  Scott Bennett, Comm. ASMELG, CFIAG
* Internet:       bennett at cs.niu.edu                              *
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *