[tor-dev] Alternatives to Tor Exit Enclaves

Andrew Clausen clausen at econ.upenn.edu
Wed Apr 18 23:05:14 UTC 2012


Hi Arturo,

On 18 April 2012 17:47, Arturo Filastò <art at baculo.org> wrote:
> On 4/18/12 5:33 PM, Andrew Clausen wrote:
>> Do .exit addresses already do what you had in mind?  For example, if
>> you add "AllowDotExit 1" to your torrc, you can type an address like
>> this
>
> No, .exit notation is a bad idea because it allows people
> to force you to exit through a particular exit node of their
> choosing.

I suppose this is true, according to the spec.  (When I tested this
out, the implementation seemed to match my proposal below rather than
the spec.  I haven't had a chance to look at it.)

However, it would be easy to change Tor slightly.  If Tor used four
ORs rather than three with .exit addresses, then there would be no
problem.  The only difference between using "http://myserver.exit"
rather than "https://myserver.com" would be that the last hop would
use the Tor protocol rather than HTTP.

> For example I can place a <img src=""> tag on a website
> and de-anonymize every user by getting them to go through my
> address.

The situation for <img src="http://myserver.exit"> would be no worse
than for <img src="http://myserver.com">

Cheers,
Andrew
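
Added example, not part of the original message: a sketch of a client-side check that flags the embedded `.exit` URLs discussed in this thread, so that page content cannot choose the exit relay unnoticed. It assumes the `name.exit` and `hostname.name.exit` address forms; the function names, attribute list and sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Attributes that commonly carry a URL the browser may fetch (assumed list).
URL_ATTRS = {"src", "href", "action", "data", "poster"}


def dot_exit_relay(url):
    """Return the exit relay named by a .exit URL, or None if it is not one."""
    try:
        host = (urlsplit(url).hostname or "").rstrip(".")
    except ValueError:          # malformed netloc, e.g. unbalanced brackets
        return None
    labels = host.split(".")
    if len(labels) < 2 or labels[-1] != "exit":
        return None
    # In both assumed forms the relay name is the label just before ".exit".
    return labels[-2]


class DotExitFinder(HTMLParser):
    """Collects (tag, url, relay) for every URL attribute using .exit."""

    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                relay = dot_exit_relay(value)
                if relay is not None:
                    self.hits.append((tag, value, relay))


def find_dot_exit(html):
    finder = DotExitFinder()
    finder.feed(html)
    finder.close()
    return finder.hits


# Constructed sample page: two .exit references, one ordinary URL, one empty src.
SAMPLE = """
<img src="http://myserver.exit/pixel.png">
<img src="http://myserver.com/pixel.png">
<a href="http://www.example.com.relaynick.exit/">link</a>
<img src="">
"""

if __name__ == "__main__":
    for tag, url, relay in find_dot_exit(SAMPLE):
        print(f"<{tag}> requests exit relay {relay!r}: {url}")
```
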
