[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] new relays



On 08/28/2013 12:08 AM, Jon Gardner wrote:
Then why have exit policies? Exit nodes regularly block "unwelcome" traffic like bittorrent, and there's only a slight functional difference between that and using a filter in front of the node to block things like porn (which, come to think of it, also tends to be a bandwidth hog like bittorrent--so it doesn't have to be just a moral question).
I do not wish to comment on the morality or desirability of traffic filters, but on the implementation:

It is much easier to block the majority of BitTorrent traffic than it is to block specific content served through HTTP. Torrent traffic can be blocked by the reduced exit policy, which is a static whitelist of ports to allow. To do the same thing for content over HTTP, one would have to maintain a dynamic blacklist of IPs (or IP/port combinations) to block, which is much more challenging. An even more challenging alternative would be to implement deep packet inspection at the exit nodes—I think this is completely unpalatable to most Tor developers and exit node operators (and maybe illegal under US wiretapping laws).

Vincent

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays