<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
On 08/28/2013 12:08 AM, Jon Gardner wrote:<br>
<blockquote
cite="mid:48CC051C-77CE-415B-BF49-C3D4A724710B@brazoslink.net"
type="cite">
<pre wrap="">Then why have exit policies? Exit nodes regularly block "unwelcome" traffic like bittorrent, and there's only a slight functional difference between that and using a filter in front of the node to block things like porn (which, come to think of it, also tends to be a bandwidth hog like bittorrent--so it doesn't have to be just a moral question).
</pre>
</blockquote>
I do not wish to comment on the morality or desirability of traffic
filters, but on the implementation:<br>
<br>
It is much easier to block the majority of BitTorrent traffic than
it is to block specific content served through HTTP. Torrent traffic
can be blocked by the <a
href="https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy">reduced
exit policy</a>, which is a static whitelist of ports to allow. To
do the same thing for content over HTTP, one would have to maintain
a dynamic blacklist of IPs (or IP/port combinations) to block, which
is much more challenging. An even more challenging alternative would
be to implement <a
href="https://en.wikipedia.org/wiki/Deep_packet_inspection">deep
packet inspection</a> at the exit nodes—I think this is completely
unpalatable to most Tor developers and exit node operators (and
maybe illegal under US wiretapping laws).<br>
<br>
Vincent<br>
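<br>
The port-whitelist behaviour described in the message above, as an added example that is not part of the original e-mail and is not Tor's own code. The policy text is a constructed, abbreviated whitelist (not the full list on the ReducedExitPolicy wiki page), and the helper names and sample flows are hypothetical.<br>

```python
# Added illustration, not Tor source code: first-match evaluation of
# ExitPolicy-style lines. POLICY is a constructed, abbreviated port whitelist,
# not the full list from the ReducedExitPolicy wiki page.
POLICY = """\
accept *:53
accept *:80
accept *:443
accept *:993
reject *:*
"""

def parse_policy(text):
    """Parse 'accept|reject *:PORT', '*:LOW-HIGH' or '*:*' lines into rules."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        action, target = line.split()
        if action not in ("accept", "reject"):
            raise ValueError(f"unknown action in {raw!r}")
        addr, _, ports = target.rpartition(":")
        if addr != "*":
            raise ValueError("this sketch handles wildcard addresses only")
        if ports == "*":
            low, high = 1, 65535
        elif "-" in ports:
            low, high = (int(p) for p in ports.split("-", 1))
        else:
            low = high = int(ports)
        rules.append((action, range(low, high + 1)))
    return rules

def exit_allows(rules, port):
    """The first rule whose port range matches decides; later rules are ignored."""
    for action, ports in rules:
        if port in ports:
            return action == "accept"
    return False  # this sketch's choice: fail closed if nothing matches

# Constructed sample flows: (description, destination port).
FLOWS = [
    ("BitTorrent peer on a commonly used client port", 6881),
    ("HTTPS site", 443),
    ("HTTP site, any content", 80),
]

def classify(flows, rules):
    """Map each flow description to True (exit accepts) or False (rejects)."""
    return {name: exit_allows(rules, port) for name, port in flows}
```

The decision depends only on the destination port, so the port 80 flow is accepted whatever is served over it; the static list never needs updating, unlike a per-IP blacklist.<br>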
</body>
</html>