Hey Ximin,
I don't think it's been discussed in-depth before (at least not on-list), but I've thought a fair bit about it. While it's an interesting idea, I don't think that the risks for deploying it far outweigh any minor reward that could come of it. This idea has come up several times in the context of Cupcake "wouldn't it be great if we could" sort of thing. It really wouldn't.
Exit node operators take on some pretty serious legal and security risks if they operate their exit from home. (NEVER DO THIS). More than one person has been raided by police who didn't do their due diligence beforehand. Expanding that into the territory of people who aren't fully aware of their risks would have terrible repercussions.
It also becomes trivial to flood the Tor network with bad ephemeral exits, which disappear before people catch on. Speed would be an issue also.
While I really believe that expanding Flashproxy and Fog and Bridges is extremely important, I don't that's plausible for exit points. Educating groups of website owners about censorship would help us a lot. Circumvention isn't something that's thought a lot about in the US, which unfortunately is where a lot of large websites are based. Unblocking all or portions of [big website] can be extremely helpful to at-risk groups of people, and that's not always obvious to sysops.
~Griffin
Il 31.12.2013 06:07 Ximin Luo ha scritto:
Hey all,
Flashproxy[1] helps to bypass entry-node blocks. But we could apply the general idea to exit-nodes as well - have the exit-node connect to the destination via an ephemeral proxy. The actual technology probably needs to be different since we can't assume the destination has a flashproxy (websocket/webrtc) PT server running, but we could probably find a technical solution to that.
However, I talked this over with a few people and there might be legal and security issues. A few points:
- running an exit node carries a great risk, it would be bad/unethical
to let ephemeral proxy runners take this risk
- (for security reasons we don't fully understand) there is a process
for trusting exit nodes and/or detecting misbehaviour (I see badexit emails from time to time). this would be made much harder if exits were ephemeral.
- someone could create a massive number of ephemeral exit nodes and
capture a lot of exit traffic, giving them extra data to de-anonymise people.
I was wondering if any of these have been discussed in depth before already, or if the general topic of exit-node block bypassing is something to be explored.
X