[tor-relays] Reminder: don't run transparent proxies at exits

Drake Wilson drake at dasyatidae.net
Sat Jan 10 05:40:40 UTC 2015

Drake Wilson wrote:
> But the TCP specification doesn't.  Nor is the Tor client signaling
> to you that they want an HTTP connection and not a raw TCP connection.
> Whether they happen to be passing octets over it that correspond to an
> HTTP stream is irrelevant.

Or alternatively, let me put the distinction this way:

  "Could you please find me the number for Pythagoras' Pizza Palace?"
    "Sure, let me get out the copy of the phone book at my desk.  It's


  "Could you please connect me to 555-6283?"
    "Sure."  *beep beep*
  "Pythagoras' Pizza Palace?  I'd like six Scalene Specials delivered for
   J. Random User-Agent."
    "No problem, we'll get that to you in 30 minutes."


  "Could you please connect me to 555-6283?"
    "Sure."  *beep beep*
  "Pythagoras' Pizza Palace?  My client just called me from jail!  You _do_
   remember what 'six Scalene Specials' was supposed to be code for, right?"
    "Oh, this is actually the operator.  I had the right kind of spare,
     fresh pizza lying around already, so I figured..."
    "Don't worry!  I didn't do anything funny to it!  It's all good!"

   ---> Drake Wilson
