[tor-bugs] #2697 [Torflow]: Detect exit nodes running 'transparent' HTTP proxies

[Tor Bug Tracker & Wiki]

#2697: Detect exit nodes running 'transparent' HTTP proxies
-------------------------+--------------------------------------------------
 Reporter:  rransom      |          Owner:  mikeperry
     Type:  enhancement  |         Status:  new      
 Priority:  critical     |      Milestone:           
Component:  Torflow      |        Version:           
 Keywords:               |         Parent:           
   Points:               |   Actualpoints:           
-------------------------+--------------------------------------------------

Comment(by rransom):

 Replying to [comment:5 tornewbie]:
 > I think he's not the one and only one going to do that ...

 That's why I want the exit scanner to use at least a few HTTP proxy
 detection techniques.

 > I've put all Amunet* family IP range ( 199.48.147.32/28 ) in my
 ExcludeExitNodes list since when I saw that different tor check pages ( at
 random and not always ) told me I was not using Tor and the IP was
 199.48.147.44 ( over which no Amunet family node is running ).

 It sounds to me like the Amunet exit nodes are all running on a single
 computer with multiple IP addresses, and their operator didn't set
 !OutboundBindAddress (or set it to the same value in multiple nodes' torrc
 files).  What you describe is not necessarily a sign of an upstream HTTP
 proxy, and particularly not on a family of exit nodes that we know
 contains multiple Tor instances per physical computer.

 Please be aware that using !ExcludeExitNodes (especially if you exclude a
 significant set of high-bandwidth exits) can harm your anonymity.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2697#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online