[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-dev] exit-node block bypassing

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-dev] exit-node block bypassing
From: Ximin Luo <infinity0@xxxxxxx>
Date: Tue, 31 Dec 2013 12:07:32 +0100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 31 Dec 2013 06:07:44 -0500
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Icedove/24.1.1

Hey all,

Flashproxy[1] helps to bypass entry-node blocks. But we could apply the general idea to exit-nodes as well - have the exit-node connect to the destination via an ephemeral proxy. The actual technology probably needs to be different since we can't assume the destination has a flashproxy (websocket/webrtc) PT server running, but we could probably find a technical solution to that.

However, I talked this over with a few people and there might be legal and security issues. A few points:

- running an exit node carries a great risk, it would be bad/unethical to let ephemeral proxy runners take this risk
- (for security reasons we don't fully understand) there is a process for trusting exit nodes and/or detecting misbehaviour (I see badexit emails from time to time). this would be made much harder if exits were ephemeral. 
- someone could create a massive number of ephemeral exit nodes and capture a lot of exit traffic, giving them extra data to de-anonymise people.

I was wondering if any of these have been discussed in depth before already, or if the general topic of exit-node block bypassing is something to be explored.

X

[1] http://crypto.stanford.edu/flashproxy

-- 
GPG: 4096R/1318EFAC5FBBDBCE
git://github.com/infinity0/pubkeys.git
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Follow-Ups:
- Re: [tor-dev] exit-node block bypassing
  - From: Jeroen Massar

Prev by Author: Re: [tor-dev] Slight obfsproxy API change (#10342)
Next by Author: Re: [tor-dev] exit-node block bypassing
Previous by thread: [tor-dev] TBB 3.5 build failure
Next by thread: Re: [tor-dev] exit-node block bypassing
Index(es):
- Author
- Thread