<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<TITLE>Message</TITLE>
<META content="MSHTML 6.00.6000.16640" name=GENERATOR></HEAD>
<BODY>
<DIV><SPAN class=264453304-06062008><FONT face=Verdana color=#0000ff size=2>I
think you could make a case for trusting 1 or a handful of exit nodes, and
use ExitNodes abc and StrictExitNodes 1 to make sure you only use those for
sensitive authentication connections like you are asking
about.</FONT></SPAN></DIV>
<DIV><SPAN class=264453304-06062008><FONT face=Verdana color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=264453304-06062008><FONT face=Verdana color=#0000ff size=2>For
example, do you think blutmagie is sniffing? When it is trusted as a
V2 and Hidden Service Directory Authority?</FONT></SPAN></DIV>
<DIV><SPAN class=264453304-06062008><FONT face=Verdana color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=264453304-06062008><FONT face=Verdana color=#0000ff size=2>Or
BostonUCompSci? It would be kind of embarrassing to Boston University
wouldn't it, if they were found to be sniffing?</FONT></SPAN></DIV>
<DIV><SPAN class=264453304-06062008><FONT face=Verdana color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=264453304-06062008><FONT face=Verdana color=#0000ff size=2>It
is probably too much to expect at this point, though, that a list of
trusted exit nodes will be publicly compiled. I think you have to do your
own investigations and come up with your own list.</FONT></SPAN></DIV>
<DIV><SPAN class=264453304-06062008><FONT face=Verdana color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=264453304-06062008><FONT face=Verdana color=#0000ff
size=2>Wesley</FONT></SPAN></DIV>
<DIV><SPAN class=264453304-06062008><FONT face=Verdana color=#0000ff
size=2></FONT></SPAN> </DIV>
<BLOCKQUOTE
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px solid; MARGIN-RIGHT: 0px">
<DIV></DIV>
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left><FONT
face=Tahoma size=2>-----Original Message-----<BR><B>From:</B>
owner-or-talk@freehaven.net [mailto:owner-or-talk@freehaven.net] <B>On Behalf
Of </B>defcon<BR><B>Sent:</B> June 5, 2008 6:36 PM<BR><B>To:</B>
or-talk@freehaven.net<BR><B>Subject:</B> Re: How do we defeat exit node
sniffing?<BR><BR></FONT></DIV>So what do you all suggest if I must
authenticate to a non-SSL connection? How do I do it anonymously and
safely?<BR><BR>
<DIV class=gmail_quote>On Thu, Jun 5, 2008 at 5:37 PM, Christopher Davis
&lt;<A href="mailto:loafier@gmail.com">loafier@gmail.com</A>&gt; wrote:<BR>
<BLOCKQUOTE class=gmail_quote
style="PADDING-LEFT: 1ex; MARGIN: 0pt 0pt 0pt 0.8ex; BORDER-LEFT: rgb(204,204,204) 1px solid">
<DIV>
<DIV></DIV>
<DIV class=Wj3C7c>On Thu, Jun 05, 2008 at 05:01:34PM -0700, defcon
wrote:<BR>> What are some good ways to defeat exit node sniffing?
Is there a listing of<BR>> good exit nodes that do not
sniff?<BR>> Thanks,<BR>> defcon<BR><BR></DIV></DIV>Prefer TLS-enabled
services, and mind the authenticity of server certs.<BR>Or use Tor hidden
services.<BR><BR>--<BR><FONT color=#888888>Christopher
Davis<BR></FONT></BLOCKQUOTE></DIV><BR></BLOCKQUOTE></BODY></HTML>