[tor-dev] exit-node block bypassing

Ximin Luo infinity0 at gmx.com
Tue Dec 31 11:07:32 UTC 2013

Hey all,

Flashproxy[1] helps to bypass entry-node blocks. But we could apply the general idea to exit-nodes as well - have the exit-node connect to the destination via an ephemeral proxy. The actual technology probably needs to be different since we can't assume the destination has a flashproxy (websocket/webrtc) PT server running, but we could probably find a technical solution to that.

However, I talked this over with a few people and there might be legal and security issues. A few points:

- running an exit node carries a great risk, it would be bad/unethical to let ephemeral proxy runners take this risk
- (for security reasons we don't fully understand) there is a process for trusting exit nodes and/or detecting misbehaviour (I see badexit emails from time to time). this would be made much harder if exits were ephemeral. 
- someone could create a massive number of ephemeral exit nodes and capture a lot of exit traffic, giving them extra data to de-anonymise people.

I was wondering if any of these have been discussed in depth before already, or if the general topic of exit-node block bypassing is something to be explored.


[1] http://crypto.stanford.edu/flashproxy


More information about the tor-dev mailing list