tl;dr; restricted access + usage of an exit
longer: An exit is sooner or later abused. A reduced exit policy does not prevent that.
What about setup a tor exit relay with 'PublishServerDescriptor = 0' ?
Having an access line like for bridges would restrict the access. An alternative could be a port knockig + iptables solution.
Objections and comments are welcome.
I can only speak with anonymity in mind, since this would mean you run a "vpn" service (having a "quad-vpn", but actually one that makes sence in that its not just 4 different servers of one company). Having an access line would either mean you'd need to identify yourself (and of course it takes way more efford than just downloading the browser and getting right to it) or you'd still have people going to access lines and afterwards abusing the exit node.I'm not sure how you would implement port knocking and iptables tbh. Still, I think it's technically a good idea, I personally just wouldn't know how to implement it correctly.
Best, shruub
On Sat, Mar 04, 2023 at 10:28:44AM +0100, Toralf Förster wrote:
tl;dr; restricted access + usage of an exit
longer: An exit is sooner or later abused. A reduced exit policy does not prevent that.
What about setup a tor exit relay with 'PublishServerDescriptor = 0' ?
Having an access line like for bridges would restrict the access. An alternative could be a port knockig + iptables solution.
Objections and comments are welcome.
-- Toralf
What's the goal? To have a private exit that only you can use?
There is this very interesting paper and project called HebTor: https://dl.acm.org/doi/10.1145/3372297.3417245
This paper introduces HebTor, a new and robust architecture for exit bridges---short-lived proxies that serve as alternative egress points for Tor. A key insight of HebTor is that exit bridges can operate as Tor onion services, allowing any device that can create outbound TCP connections to serve as an exit bridge, regardless of the presence of NATs and/or firewalls. HebTor employs a micropayment system that compensates exit bridge operators for their services, and a privacy-preserving reputation scheme that prevents freeloading. We show that HebTor effectively thwarts server-side blocking of Tor, and we describe the security, privacy, and legal implications of our design.
If you're interested on playing with it -- for educational purposes only --, I can share some instructions in private.
Gus
On Samstag, 4. März 2023 17:29:13 CET gus wrote:
On Sat, Mar 04, 2023 at 10:28:44AM +0100, Toralf Förster wrote:
longer: An exit is sooner or later abused. A reduced exit policy does not prevent that.
What about setup a tor exit relay with 'PublishServerDescriptor = 0' ?
Having an access line like for bridges would restrict the access. An alternative could be a port knockig + iptables solution.
Objections and comments are welcome.
What's the goal? To have a private exit that only you can use?
I asked myself the same. Maybe an anonymously paid server with wireguard is an alternative. BuyVM or privex.io KVM, paid with Monero or Paysafecard.
Or toralf, you can use freifunk: https://hamburg.freifunk.net/
There is this very interesting paper and project called HebTor: https://dl.acm.org/doi/10.1145/3372297.3417245
Thanx, I'll have to take a closer look.
On 3/4/23 17:29, gus wrote:
What's the goal? To have a private exit that only you can use?
Indeed, similar goal as for private bridges.
There is this very interesting paper and project called HebTor: https://dl.acm.org/doi/10.1145/3372297.3417245
Thx, so I have sth to read.
-- Toralf
Be aware that attacks against you will be possible, since any traffic coming from that IP is only used by you. Unlike normal Tor users where they blend and hide amongst each other. You will be the only exit user.
A personal VPN might provide similar anonymity and be easier to manage and run.
On March 4, 2023 5:29:33 PM UTC, "Toralf Förster" toralf.foerster@gmx.de wrote:
On 3/4/23 17:29, gus wrote:
What's the goal? To have a private exit that only you can use?
Indeed, similar goal as for private bridges.
There is this very interesting paper and project called HebTor: https://dl.acm.org/doi/10.1145/3372297.3417245
Thx, so I have sth to read.
-- Toralf
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays@lists.torproject.org
-
gus -
lists@for-privacy.net -
shruub -
tor@nullvoid.me -
Toralf Förster