
Re: [tor-relays] Reminder: don't run transparent proxies at exits



That's my point. The logic applies to either both or none.

Plus the logic starts to get warped when you wonder "So do you BadExit
every node that runs on an ISP that caches traffic?"

What about ISPs (and OpenDNS) that NXDOMAIN trap to insert advertising?

Regarding 'cached evidence', logs are short term for diagnostic
purposes and shredded. Nothing identifiable is logged, which would be
annoying to get to due to LUKS encryption of the entire filesystem.

The exit node burns through about 20mb/s continuously. Fundamentals of
Tor design and sheer volume of noise make this a toughie.

On Fri, Jan 9, 2015 at 8:35 PM, Zack Weinberg <zackw@xxxxxxx> wrote:
> On Fri, Jan 9, 2015 at 9:18 PM, cacahuatl <cacahuatl@xxxxxxxxxxxxx> wrote:
>> If you're caching exit traffic and a very naughty person uses your exit,
>> you've potentially cached "evidence" (to be seized).
>
> That logic applies equally to DNS; indeed, it is why the CMU Tor exit
> *doesn't* run a DNS cache.
>
> (It talks to CMU's DNS servers, which do cache, but for the entire network.)
>
> (If you can't trust your network provider's DNS resolver, the tradeoff
> may be different.)
>
> zw
> _______________________________________________
> tor-relays mailing list
> tor-relays@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays