[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Reminder: don't run transparent proxies at exits

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] Reminder: don't run transparent proxies at exits
From: eric gisse <jowr.pi@xxxxxxxxx>
Date: Fri, 9 Jan 2015 21:21:19 -0600
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 09 Jan 2015 22:21:30 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=7BgBXfEIi101RCCVHaYKxyzsW9oYedV3v62yqPOjprc=; b=TYm8Ch17a8q504VgZq6yBpLaKt7Q/0utVjEdfDkNmMkE3KcFZOiD8/WBngGwmkFl2x 1FQa7DLbYkvh37O8aOcUaUruBNDeRBzcMVpVxGxvrPY6MBIvbioUvEmDOJZdHHxMkcmj JgQd0NsuItRjNaynGloGipr8HAxOUE/Y+fyn8sy708th+FJiO4X6TUHjDdpZtEk22xVd JQd5Rch4+AWUAZOUYXJAbMbcX+f312DA2cso7IS4AmmowtHNzutCj5WLBpRXSRw233At bYX5VvDhjAYNcKj68IRyDW2+m6teScjezd8rGDYQ2et6AY7vWrGtKk5QRo8CDkkz7AUf aLHA==
In-reply-to: <CAKCAbMgKt_t7yb+TcZooaGOJD-iNH6DbcLqFaGyzmRAUtj8PcQ@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <CAKDKvuwe8_nZkPH-RhaRjxapfvgDVThiSxteZ+SoC9Lx+WCQ5g@xxxxxxxxxxxxxx> <CAHZ_AjuH9R=6dpD_C0MkurhFdC7j+D2aDsVfZxqq2H-d2PB0tQ@xxxxxxxxxxxxxx> <54B0726D.3000009@xxxxxxxxxxxxx> <CAHZ_AjuC+faZJSOfYuLYisOigObdQ9ou6JgJ62nK1OYS4rjXvA@xxxxxxxxxxxxxx> <54B08BE4.2030403@xxxxxxxxxxxxx> <CAKCAbMgKt_t7yb+TcZooaGOJD-iNH6DbcLqFaGyzmRAUtj8PcQ@xxxxxxxxxxxxxx>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

That's my point. The logic applies to either both or none.

Plus the logic starts to get warped when you wonder "So do you BadExit
every node that runs on an ISP that caches traffic?"

What about ISP's (and openDNS) that NXDOMAIN trap to insert advertising?

Regarding 'cached evidence', logs are short term for diagnostic
purposes and shredded. Nothing identifiable is logged, which would be
annoying to get to due to LUKS encryption of the entire filesystem.

The exit node burns through about 20mb/s continuously. Fundamentals of
tor design and sheer volume of noise make this a toughie.

On Fri, Jan 9, 2015 at 8:35 PM, Zack Weinberg <zackw@xxxxxxx> wrote:
> On Fri, Jan 9, 2015 at 9:18 PM, cacahuatl <cacahuatl@xxxxxxxxxxxxx> wrote:
>> If you're caching exit traffic and a very naughty person uses your exit,
>> you've potentially cached "evidence" (to be seized).
>
> That logic applies equally to DNS; indeed, it is why the CMU Tor exit
> *doesn't* run a DNS cache.
>
> (It talks to CMU's DNS servers, which do cache, but for the entire network.)
>
> (If you can't trust your network provider's DNS resolver, the tradeoff
> may be different.)
>
> zw
> _______________________________________________
> tor-relays mailing list
> tor-relays@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] Reminder: don't run transparent proxies at exits
  - From: Dave Warren
- Re: [tor-relays] Reminder: don't run transparent proxies at exits
  - From: Drake Wilson

References:
- [tor-relays] Reminder: exit nodes probably shouldn't be using Google's DNS servers
  - From: Nick Mathewson
- Re: [tor-relays] Reminder: exit nodes probably shouldn't be using Google's DNS servers
  - From: eric gisse
- Re: [tor-relays] Reminder: don't run transparent proxies at exits
  - From: Nusenu
- Re: [tor-relays] Reminder: don't run transparent proxies at exits
  - From: eric gisse
- Re: [tor-relays] Reminder: don't run transparent proxies at exits
  - From: cacahuatl
- Re: [tor-relays] Reminder: don't run transparent proxies at exits
  - From: Zack Weinberg

Prev by Author: Re: [tor-relays] Reminder: don't run transparent proxies at exits
Next by Author: Re: [tor-relays] Reminder: don't run transparent proxies at exits
Previous by thread: Re: [tor-relays] Reminder: don't run transparent proxies at exits
Next by thread: Re: [tor-relays] Reminder: don't run transparent proxies at exits
Index(es):
- Author
- Thread