[tor-relays] ExitPolicy reject *:* ships commented out?

Thomas Hand th6045 at gmail.com
Sat Sep 7 00:47:32 UTC 2013


There was a version of Tor released in the development repos that included
Accept *.* in torrc. I remember seeing it but have no idea which version it
was. I too think this is a mistake. If casual relay operators are being
shut down due to a misconfigured torrc, Tor will suffer more bad press by
media types who have no idea how Tor actually works. We want to encourage
Tor relaying no!? The more relays, the better the service.
I would also suggest to any devs reading this that some kind of pretty
looking auto-config needs to run the user through the physical details of
the connection and then configure the torrc appropriately. The average
random who simply wants to donate bandwidth isn't going to run through the
whole torrc and make sure everything is dandy before sticking the relay
online.
I can think of many competent, intelligent friends who would happily run a
relay but they're probably not tech savvy enough to get the torrc just so
for their connections. 'Plug the wire into the grey box, internet
happens'....

On top of all this, if someone is wanting to run an Exit node, they will
likely be the more tech savvy types. People who have a VPS etc. If that is
the case then they will no doubt be able to configure Accept *.* in a text
file.

TL;DR version, devs please uncomment Reject *.* in the default torrc on all
future releases of Tor. I really think this will cause serious headaches
for well meaning volunteers.

Tom


On 31 August 2013 19:09, Gordon Morehouse <gordon at morehouse.me> wrote:

> The friend was upgrading from Tor 0.2.3.x to Tor 0.2.4.16-rc.  I do
> not know whether he used a tarball but I think it likely he used the
> Tor 'experimental' repos as his VPS is Debian-family, and he said "I
> couldn't keep the old config"; thus debconf likely presented him with
> a choice, he accepted the new config, edited as far down as he needed
> to turn relaying on, and that's it.
>
> Since the default exit policy is for a relay to be an exit (without,
> even, the benefit of ReducedExitPolicy), his VPS was shut down in
> about a day as he'd unknowingly turned himself into an exit node.
>
> Partial user error, and partial - as he would argue and so would I -
> bad defaults.  This guy is a software engineer who had a derp moment.
>  I wonder how many less tech-savvy users may make the same mistake and
> then have a bad time and never relay again (or be subject to law
> enforcement action, particularly in hostile countries).
>
> David Carlson:
> > I am confused by this thread.  In fact, the specific downloaded
> > file that the OP is referring to is not named, nor is it mentioned
> > whether it was installed 'as-is' or with a modified configuration.
> >  Then a follow-up message refers to TBB, which is not even a relay
> > package. David C
>
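
An added example, not part of the original messages and not Tor's own code: a Python check of a torrc for the situation described in this thread, where relaying is switched on while `ExitPolicy reject *:*` is still commented out. It assumes, as the thread states, that a relay with no catch-all reject falls through to a default policy that allows exiting; the sample torrc text is constructed, and only `ORPort` and `ExitPolicy` are modelled.

```python
def active_options(torrc_text):
    """Return (lowercased keyword, value) for every uncommented torrc line."""
    opts = []
    for raw in torrc_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # '#' starts a comment
        if line:
            parts = line.split(None, 1)
            opts.append((parts[0].lower(), parts[1] if len(parts) > 1 else ""))
    return opts

def relaying_enabled(opts):
    # Relaying is on once an ORPort line carries a value other than 0.
    return any(k == "orport" and v.split()[0] != "0" for k, v in opts if v)

def acts_as_exit(opts):
    """Walk ExitPolicy entries in file order; the first match wins."""
    for key, value in opts:
        if key != "exitpolicy":
            continue
        for entry in value.split(","):
            fields = entry.split()
            if len(fields) != 2:
                continue
            action, pattern = fields[0].lower(), fields[1]
            if action.startswith("accept"):
                return True            # some exit traffic is allowed
            if action.startswith("reject") and pattern == "*:*":
                return False           # catch-all reject: not an exit
    # Assumption from the thread: no catch-all means the default policy
    # applies, and that default lets the relay exit.
    return True

def audit(torrc_text):
    opts = active_options(torrc_text)
    if not relaying_enabled(opts):
        return "client-only"
    return "EXIT" if acts_as_exit(opts) else "non-exit relay"

# Constructed sample: relaying turned on, exit policy line left commented.
EDITED_HALFWAY = """\
ORPort 9001
Nickname example
#ExitPolicy reject *:* # no exits allowed
"""
# The same file with the reject line uncommented.
FIXED = EDITED_HALFWAY.replace("#ExitPolicy", "ExitPolicy")

if __name__ == "__main__":
    for name, text in (("edited halfway", EDITED_HALFWAY), ("fixed", FIXED)):
        print(f"{name}: {audit(text)}")
```

Running `audit()` on the real torrc before starting the daemon gives the operator the answer that the friend in the quoted message only got from his hosting provider.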