[tor-relays] new relays

Vincent Yu v at v-yu.com
Tue Aug 27 17:11:50 UTC 2013


On 08/28/2013 12:08 AM, Jon Gardner wrote:
> Then why have exit policies? Exit nodes regularly block "unwelcome" traffic like bittorrent, and there's only a slight functional difference between that and using a filter in front of the node to block things like porn (which, come to think of it, also tends to be a bandwidth hog like bittorrent--so it doesn't have to be just a moral question).
I do not wish to comment on the morality or desirability of traffic
filters, but on the implementation:

It is much easier to block the majority of BitTorrent traffic than it is
to block specific content served through HTTP. Torrent traffic can be
blocked by the reduced exit policy
<https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy>,
which is a static whitelist of ports to allow. To do the same thing for
content over HTTP, one would have to maintain a dynamic blacklist of IPs
(or IP/port combinations) to block, which is much more challenging. An
even more challenging alternative would be to implement deep packet
inspection <https://en.wikipedia.org/wiki/Deep_packet_inspection> at the
exit nodes---I think this is completely unpalatable to most Tor
developers and exit node operators (and maybe illegal under US
wiretapping laws).

Vincent
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20130828/b12c93ac/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4222 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20130828/b12c93ac/attachment.bin>


More information about the tor-relays mailing list