[tor-relays] de-centralised bad exit list files - a bad and/or naive idea ?

Yawning Angel yawning at schwanenlied.me
Sat Jul 4 00:09:45 UTC 2015

On Fri, 03 Jul 2015 08:17:00 -0700
Seth <list at sysfu.com> wrote:

> On Fri, 03 Jul 2015 04:27:50 -0700, Toralf Förster  
> <toralf.foerster at gmx.de> wrote:
> > Reading "[tor-relays] unflagged BAD EXIT nodes" /me wonders, such
> > a feature would makes sense.

Maybe.  The fundamental problems here are:

 * This reduces users anonymity, in that any modifications to the path
   selection behavior will make a given user behave differently from
   others, thus reducing their anonymity set from "all Tor users" to
   "all Tor users that happen to use an identical configuration".  The
   more restrictive a given user chooses to be about what Exits they
   allow, the more severe the reduction.

 * The maintainer of such a list can do a lot of damage (partitioning
   attacks, serving unique lists to each people).  The extreme example
   would be along the lines of serving out lists that BadExit
   everything but adversary controlled Exits, or adversary observable

 * How does one establish list-maintainer trust.  While the methodology
   of the research that went into this appears solid, and the person
   appears to have the userbase's best interests in mind, it's hard to

At a more basic level, I personally would rather see things like the
badonions honeypot code integrated into something like phw's exitmap
(patches accepted), and the BadExit-ing procedure improved
substantially.  Both of these things would be good places for
volunteers to step up, and I think would be more fruitful in the long

> > Technically this could yield to a ./torrc.d config directory, where
> > tor users could store the (regular updated) list/s they do trusts.
> That would be nice, right now copying in the fingerprints of dozens
> of exit nodes into torrc is downright painful, especially since they
> can't be listed on their own lines.
> The ability to use nginx style include statements in torrc would also
> be helpful, that way values like 'ExitNodes' could be maintained in
> a separate file.

You can kind of do this with a `--defaults-torrc` file and a separate
file (probably autogenerated) containing all your other things.  Or
start Tor with `DisableNetwork` set, and use the control port to load
your tinfoil hattery.


Yawning Angel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20150704/b32c826f/attachment.sig>

More information about the tor-relays mailing list