Gregory and Ted -<div><br></div><div>Thanks for sharing your ideas. The challenge here runs deep...</div><div><br></div><div>At this time, I am measuring the 'effectiveness' of my contribution to Tor though the bandwidth that is used. In 2008, I had over a TBytes of bandwidth that I didn't use. (Purchased as a part of my server hosting service, <a href="http://linode.com">linode.com</a>). </div>
<div><br></div><div>I have re-configured my relay to also accept inbound connections. I feel like this will have a low probability of creating friction between my service provider any myself, and as can be seen in the attached graph is using more bandwidth... So I am able to both contribute bandwidth to the project and avoid the problems associated with being an exit node.</div>
<div><br></div><div>I am considering running a separate exit note later - just getting my mind wrapped around all of this...</div><div><br></div><div>Again, thanks for your comments...</div><div><br></div><div>Erik</div><div>
<br></div><div><br><div class="gmail_quote">On Fri, Jan 2, 2009 at 1:25 PM, Gregory Maxwell <span dir="ltr"><<a href="mailto:gmaxwell@gmail.com">gmaxwell@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
On Fri, Jan 2, 2009 at 11:43 AM, Erik Heidt <<a href="mailto:erik.heidt@artofinfosec.com">erik.heidt@artofinfosec.com</a>> wrote:<br>
[snip]<br>
> - Permitting exit to key informational resources (e.g. wikipedia services)<br>
<div class="Ih2E3d">> - Permitting exit to top 5 or 10 web mail services (e.g. google mail,<br>
> hotmail, yahoo, etc.)<br>
<br>
</div>And manage to make yourself look like someone doing a targeted MITM<br>
attack on tor users. :(<br>
<br>
The above use cases should be handled by improving the exit enclave<br>
support and convincing these sorts of major sites to run their own<br>
exists.<br>
<br>
If you'd like to cut abuse without looking like an attacker yourself<br>
you're best off limiting your exit to ports which cause few abuse<br>
complaints. IRC and other chat protocols are probably good examples.<br>
</blockquote></div><br></div>