On Sun, 3 Apr 2016 00:37:45 -0700 Ryan Carboni ryacko@gmail.com wrote:
(as opposed to the people that seem to think that Exits should actively combat abuse by having the capability for censorship).
Well, a large number of exit nodes already have the capability for a man-in-the-middle attack. This capability could very well be a default option.
There's legal/ethical issues with that sort of thing. In the bright future (more modern versions of HTTP for example), encryption is going to be the default.
An anonymity system that mounts active-man-in-the-middle attacks against TLS (or QUIC's encryption) isn't anything I'll be working on.
b) In your magic world, how would accessing any site that uses multiple hosts for content work?
[snip] This might seem patronizing, but you seem genuinely ignorant.
No. I was wondering how a poorly thought out idea is supposed to not negatively impact anonymity given that bundling multiple endpoints over a single circuit is good for anonymity.
It was a genuine technical question.
[snip]
By any reasonable definition of ethics, one must find a middle ground, and essentially, Cloudflare has all the negotiating power, unless you plan on personally battering down the doors of Cloudflare.
Well, I did write an addon that just fetches content from archive.is whenever I get a Captcha. Does that count?
Perhaps a maximum of 63 domain names (forgot Cloudflare only has a dozen IPs) per Tor circuit could be done.
You have a definition of "a dozen" that doesn't match one that I'm familiar with (https://archive.is/eSl37).
Anyway, it's easy for clients to request multiple circuits. An anonymity system where the Exit possesses linkable client identifiers between circuits/sessions is also a poor anonymity system.
*plonk*