On 12 Oct 2015, at 04:12, grarpamp <grarpamp@gmail.com> wrote:

#17297: TorCheck fails on new exit egress IP not in exit DB, confusing to user
https://trac.torproject.org/projects/tor/ticket/17297

As said three days ago before OP...

No, I'd consider it a technique to avoid having
your exit put on braindead tor-hating consensus
scraping blacklists... a feature not a bug... with
the great side effect that such exits are usable to
circumvent similar braindead / hating censorship
directed at tor users.
(Thus exit operators may explicitly want to set
this up and could care less what check.tpo
and whatever else say, or don't say, about their IP.)

Exonerator is for operators, that's their choice there.

And law enforcement use Exonerator too.
So multihomed exit operators may have to explain/prove that their extra IP is a Tor exit (if given a chance), rather than having the authorities discover this while pulling the machine apart.

I'd rather add a blurb on check.tpo to hit newnym
and check again if user has reason to believe they're
using tor than start booting relays because of this.
(Or "fixing" exit DB / check.tpo by scanning).

Also, it's routing / tunnelling / bind addressing
and has nothing to do with exit policy.

As long as the operator secures the services on their machine that assume that connections from localhost are trusted, which is why exit policies have been adjusted for multihomed exits by default.


Tim

Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP 968F094B

teor at blah dot im
OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F