On 12 Oct 2015, at 04:12, grarpamp grarpamp@gmail.com wrote:
#17297: TorCheck fails on new exit egress IP not in exit DB, confusing to user https://trac.torproject.org/projects/tor/ticket/17297
As said three days ago before OP...
No, I'd consider it a technique to avoid having your exit put on braindead tor-hating consensus scraping blacklists... a feature not a bug... with the great side effect that such exits are usable to circumvent similar braindead / hating censorship directed at tor users. (Thus exit operators my explicitly want to set this up and could care less what check.tpo and whatever else say, or don't say, about their IP.)
Exonerator is for operators, that's their choice there.
And law enforcement use Exonerator too. So multihomed exit operators may have to explain/prove that their extra IP is a Tor exit (if given a chance), rather than having the authorities discover this while pulling the machine apart.
I'd rather add a blurb on check.tpo to hit newnym and check again if user has reason to believe they're using tor than start booting relays because of this. (Or "fixing" exit DB / check.tpo by scanning).
Also, it's routing / tunnelling / bind addressing and has nothing to do with exit policy.
As long as the operator secures the services on their machine that assume that connections from localhost are trusted, which is why exit policies have been adjusted for multihomed exits by default.
…
Tim
Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP 968F094B
teor at blah dot im OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F