[tor-relays] Reminder: don't run transparent proxies at exits

cacahuatl cacahuatl at autistici.org
Sat Jan 10 02:18:12 UTC 2015


If you're caching exit traffic and a very naughty person uses your exit,
you've potentially cached "evidence" (to be seized). Also likely has
interesting legal questions, eg. 'if you're actually storing the
content, then do you "possess" it?' ymmv with jurisdiction and ianal.

eric gisse:
> Why? People say 'DO NOT MESS WITH TRAFFIC' but in the same breath they
> say 'BUT USE A CACHING DNS RESOLVER'.
> 
> This is an internally inconsistent attitude, and is not consistent
> with how large scale operations function either. Tools like varnish,
> CDN's, memcache, dns caching, etc are all common - and best -
> practices.
> 
> If there's a practical consideration I am missing, that's different.
> 
> 
> 
> On Fri, Jan 9, 2015 at 6:29 PM, Nusenu
> <BM-2D8wMEVgGvY76je1WXNPfo8SrpZt5yGHES at bitmessage.ch> wrote:
>> hi,
>>
>> eric gisse:
>>> I even threw on a squid proxy on regular http and that's caching
>>> something like 5-10% of all requests and overall http bandwidth.
>>
>> Are you saying you are routing exit traffic through a transparent squid
>> http proxy?
>>
>> If that is the case, please do not interfere with exit traffic in any way.
>>
>> _______________________________________________
>> tor-relays mailing list
>> tor-relays at lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 


More information about the tor-relays mailing list