[tor-dev] stopping the censoring of tor users.
Michael Rogers
michael at briarproject.org
Fri Feb 26 14:53:24 UTC 2016
As far as I can tell, this would work, and you could do it without any
changes to the Tor network. Just set up a hidden service where the
service is an open proxy.
It wouldn't be transparent to clients, however - they'd need to do some
proxychains-style juggling to connect to their local onion proxy, then
connect through that to your hidden service, then connect through that
to the internet. You could of course create a library to do the extra
work on the client side - but the point is, it wouldn't work for
unmodified clients.
But perhaps the bigger problem with hidden exit nodes is that when
someone does something illegal through your exit node and the police
come to your door, you can't point to the public list of exit nodes and
say "It wasn't me, I'm just an exit node". The best you can do is point
to the hidden exit nodes library and say "It might not have been me,
anyone could be an exit node".
Cheers,
Michael
On 25/02/16 22:06, blacklight . wrote:
> About the issue of exit nodes needing to know to which bridge they need
> to connect to, could we not make a system that similair to hidden
> services, so that the nodes can connect to them without knowing the
> actulle ip adress? If we could design an automatic system in which flash
> proxies could be configered like that, then it might work i think, what
> are your thoughts?
>
> Op 25 feb. 2016 22:37 schreef "Thom Wiggers" <torlists at thomwiggers.nl
> <mailto:torlists at thomwiggers.nl>>:
>
> You may be interested in the following from the FAQ:
>
> https://www.torproject.org/docs/faq.html.en#HideExits
>
> You should hide the list of Tor relays, so people can't block the exits.
>
> There are a few reasons we don't:
>
> a) We can't help but make the information available, since Tor
> clients need to use it to pick their paths. So if the "blockers"
> want it, they can get it anyway. Further, even if we didn't tell
> clients about the list of relays directly, somebody could still make
> a lot of connections through Tor to a test site and build a list of
> the addresses they see.
> b) If people want to block us, we believe that they should be
> allowed to do so. Obviously, we would prefer for everybody to allow
> Tor users to connect to them, but people have the right to decide
> who their services should allow connections from, and if they want
> to block anonymous users, they can.
> c) Being blockable also has tactical advantages: it may be a
> persuasive response to website maintainers who feel threatened by
> Tor. Giving them the option may inspire them to stop and think about
> whether they really want to eliminate private access to their
> system, and if not, what other options they might have. The time
> they might otherwise have spent blocking Tor, they may instead spend
> rethinking their overall approach to privacy and anonymity.
>
> On 25/02/16 20:04, blacklight . wrote:
>> hello there! i don't know if this mailing list works but i thought
>> of giving it a try.
>>
>> i was lately reading an article
>> (http://www.pcworld.com/article/3037180/security/tor-users-increasingly-treated-like-second-class-web-citizens.html)
>> and it was about tor users getting blocked from accessing alot of
>> website. but after giving this some thought i think i came up with
>> a possible solution to the problem :there is a thing called
>> bridges, they are used to access the tor network without your isp
>> knowing that you use tor, but if you can use those proxies to
>> enter the network, it might also be possible to exit the network
>> with them. But then we face a second challenge, the exit nodes
>> have to be configured in such a way that it will relay traffic to
>> such a bridge, so the exit node owners also need to know the ip of
>> the bridge. While this doesn't seem difficult to do, it can become
>> difficult. You see if the bridges are published on a public
>> list(like normal bridges are) then the blocking sites in question
>> will be able to block those address too. While this also posses a
>> problem, a possible solution could be found in something called
>> flashproxies, flashproxies are bridges with a really short life
>> span, they are created and destroyed fairly swiftly, when this is
>> done in a rapid pace, they become really hard to block because the
>> ip changes all the time. So if the exit nodes can be configured to
>> make use of such flash proxies, then the problem could be solved.
>> I Must admit that not an expert on this or anything, and it needs
>> alot of more thought, but it could work. so i was wondering if
>> there are any experts who could help me with thinking out this
>> subject and maybe confirm if this idea could work.
>>
>>
>> greetings, blacklight
>>
>>
>> _______________________________________________
>> tor-dev mailing list
>> tor-dev at lists.torproject.org <mailto:tor-dev at lists.torproject.org>
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
>
>
> _______________________________________________
> tor-dev mailing list
> tor-dev at lists.torproject.org <mailto:tor-dev at lists.torproject.org>
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
>
>
>
> _______________________________________________
> tor-dev mailing list
> tor-dev at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x9FC527CC.asc
Type: application/pgp-keys
Size: 4660 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20160226/39f1e3d6/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20160226/39f1e3d6/attachment.sig>
More information about the tor-dev
mailing list