[tor-bugs] #2667 [Tor]: Exits should block reentry into the tor network

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Jul 23 23:08:26 UTC 2014 

#2667: Exits should block reentry into the tor network
---------------------------+--------------------------------------
     Reporter:  mikeperry  |      Owner:
         Type:  defect     |     Status:  new
     Priority:  major      |  Milestone:  Tor: 0.2.???
    Component:  Tor        |    Version:
   Resolution:             |   Keywords:  needs-proposal tor-relay
Actual Points:             |  Parent ID:  #2664
       Points:             |
---------------------------+--------------------------------------

Comment (by cypherpunks):

 Replying to [comment:17 proper]:
 > [...]
 > Alternative solution:
 > Advice users behind transparently torified networks to use bridges. This
 should be a sensible workaround?
 >
 > The Tor exit does not have the list of all bridges and can therefore not
 block reentry into the Tor network. And the Tor user is supposed not have
 large quantities of bridges.

 This would be true, except the discussion above suggests also having
 bridges refuse inbound connections from known exits.

 Replying to [comment:18 mikeperry]:
 > [...]
 > On the other hand, the only advantage that I'm aware of with having your
 own local Tor client is the ability to do "New Identity" and have it give
 you a new circuit.
 >
 > Can you explain why asking people if they are behind a Tor transproxy
 doesn't work? These people should be a small minority...
 >
 > What if proper provides those people with alternate TBB launch scripts
 that allow them to launch Tor Browser without a local tor client, and
 optionally specify the control port and password for their upstream Tor
 client's control port?

 I guess you're assuming the browser user is also the administrator of the
 transparent proxy? In some configurations, this isn't the case. Imagine
 someone wants to offer free wifi but doesn't want wifi users to be able to
 see what their internet upstream is. This configuration is possible (and
 deployed in some places), but if this proposal were implemented it would
 stop working. This configuration is useful in places like Germany where
 most people are afraid of the liability of having open wifi.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2667#comment:25>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list