[tor-bugs] #23278 [Core Tor/Tor]: Give user option to use non-Exit Guards only

[Tor Bug Tracker & Wiki]

#23278: Give user option to use non-Exit Guards only
------------------------------------+----------------------------------
 Reporter:  cypherpunks             |          Owner:  (none)
     Type:  enhancement             |         Status:  reopened
 Priority:  Medium                  |      Milestone:  Tor: unspecified
Component:  Core Tor/Tor            |        Version:
 Severity:  Normal                  |     Resolution:
 Keywords:  tor-client, tor-config  |  Actual Points:
Parent ID:                          |         Points:
 Reviewer:                          |        Sponsor:
------------------------------------+----------------------------------

Comment (by cypherpunks):

 Replying to [comment:8 dgoulet]:
 > Because of #23318, it seems that a "paranoid mode" option would be what
 the reporter of this bug wants that is an option that makes tor never pick
 a Guard that has a non empty exit policy

 actually the consensus weight for exitguards is nearly ZERO for guard
 probability. your client shouldn't pick and use it as guard. well at least
 it have the exit flag.

 Replying to [comment:9 cypherpunks]:

 > Tor client can to pick Guard with "accept *:443; reject *:*" exit
 policy, which is not enough for relay to get Exit flag but enough to use
 it as exit relay. Actually there are many real non-Exit (flag) Guards with
 more complex exit policies that can be used as exits too (there many
 protocols nasty people can do nasty things).
 is there a easy way to find such relays? without searching through whole
 consensus desciptors like a metrics relay search pattern? flag:!exit ... i
 tried find them through https://check.torproject.org/cgi-
 bin/TorBulkExitList.py but had no luck yet.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23278#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online