[tor-relays] de-centralised bad exit list files - a bad and/or naive idea ?
yawning at schwanenlied.me
Sat Jul 4 00:09:45 UTC 2015
On Fri, 03 Jul 2015 08:17:00 -0700
Seth <list at sysfu.com> wrote:
> On Fri, 03 Jul 2015 04:27:50 -0700, Toralf Förster
> <toralf.foerster at gmx.de> wrote:
> > Reading "[tor-relays] unflagged BAD EXIT nodes" /me wonders, such
> > a feature would make sense.
Maybe. The fundamental problems here are:
* This reduces users' anonymity, in that any modifications to the path
selection behavior will make a given user behave differently from
others, thus reducing their anonymity set from "all Tor users" to
"all Tor users that happen to use an identical configuration". The
more restrictive a given user chooses to be about what Exits they
allow, the more severe the reduction.
* The maintainer of such a list can do a lot of damage (partitioning
attacks, serving unique lists to each person). The extreme example
would be along the lines of serving out lists that BadExit
everything but adversary controlled Exits, or adversary observable
* How does one establish list-maintainer trust? While the methodology
of the research that went into this appears solid, and the person
appears to have the userbase's best interests in mind, it's hard to
At a more basic level, I personally would rather see things like the
badonions honeypot code integrated into something like phw's exitmap
(patches accepted), and the BadExit-ing procedure improved
substantially. Both of these things would be good places for
volunteers to step up, and I think would be more fruitful in the long
> > Technically this could lead to a ./torrc.d config directory, where
> > tor users could store the (regularly updated) list/s they do trust.
> That would be nice, right now copying in the fingerprints of dozens
> of exit nodes into torrc is downright painful, especially since they
> can't be listed on their own lines.
> The ability to use nginx style include statements in torrc would also
> be helpful, that way values like 'ExitNodes' could be maintained in
> a separate file.
You can kind of do this with a `--defaults-torrc` file and a separate
file (probably autogenerated) containing all your other things. Or
start Tor with `DisableNetwork` set, and use the control port to load
your tinfoil hattery.
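As an added illustration of the two workarounds mentioned above (a separate file handed to `--defaults-torrc`, or starting with `DisableNetwork` set and pushing the list over the control port), here is a small Python script. It is not code from this thread or from the Tor project; the fingerprints in it are made up, and the file paths, the control-port number and the cookie-auth setup are assumptions. It turns a one-fingerprint-per-line file into the single comma-separated `ExcludeExitNodes` value that Tor insists on, and builds and checks the raw control-port commands (the control protocol as documented in Tor's control-spec, using plain cookie `AUTHENTICATE` rather than SAFECOOKIE for brevity).

```python
import re
import socket

# A relay fingerprint is 40 hex digits, optionally prefixed with '$'.
FP_RE = re.compile(r"^\$?([0-9A-Fa-f]{40})$")

# Constructed sample input (not real relays): one fingerprint per line,
# '#' comments and blank lines allowed, duplicates tolerated.
SAMPLE_LIST = """\
# exits I do not want to use
$AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb   # lower case is fine
CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
$AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
not-a-fingerprint
"""


def load_fingerprints(text):
    """Return (valid, rejected): valid is a de-duplicated list of upper-case
    40-hex fingerprints in file order; rejected holds lines that do not parse,
    so a damaged list fails loudly instead of silently shrinking."""
    valid, rejected, seen = [], [], set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = FP_RE.match(line)
        if not m:
            rejected.append(line)
            continue
        fp = m.group(1).upper()
        if fp not in seen:
            seen.add(fp)
            valid.append(fp)
    return valid, rejected


def exclude_exit_value(fps):
    # Tor wants one comma-separated value; each fingerprint gets a '$' prefix.
    return ",".join("$" + fp for fp in fps)


def torrc_fragment(fps):
    """Config line for a file passed as --defaults-torrc (the regular torrc
    overrides it for any option set in both)."""
    return "ExcludeExitNodes %s\n" % exclude_exit_value(fps)


def setconf_command(fps):
    """Control-port command that sets the same option at runtime."""
    return 'SETCONF ExcludeExitNodes="%s"\r\n' % exclude_exit_value(fps)


def parse_reply(data):
    """Parse a control-port reply. Continuation lines look like '250-...',
    the final line '250 ...'. Returns (status, lines); status is None while
    the reply is incomplete. '+' data replies (GETINFO) are not handled."""
    status, lines = None, []
    for line in data.split("\r\n"):
        if not line:
            continue
        code, sep, rest = line[:3], line[3:4], line[4:]
        lines.append(rest)
        if sep == " ":
            status = int(code)
            break
    return status, lines


def _transact(sock, command):
    """Send one command and read until the reply's final status line."""
    sock.sendall(command.encode("ascii"))
    buf = b""
    while True:
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("control port closed")
        buf += chunk
        status, lines = parse_reply(buf.decode("ascii", "replace"))
        if status is not None:
            return status, lines


def apply_over_control_port(fps, cookie_path, host="127.0.0.1", port=9051):
    """Assumed setup: tor started with 'DisableNetwork 1', 'ControlPort 9051'
    and 'CookieAuthentication 1'. Push the exclude list first, and only then
    clear DisableNetwork, so no circuit is ever built without the list.
    Plain cookie AUTHENTICATE sends the cookie in the clear; fine on loopback,
    use SAFECOOKIE if the control port is reachable by anything else."""
    with open(cookie_path, "rb") as fh:
        cookie_hex = fh.read().hex()
    with socket.create_connection((host, port)) as sock:
        for cmd in ("AUTHENTICATE %s\r\n" % cookie_hex,
                    setconf_command(fps),
                    "SETCONF DisableNetwork=0\r\n"):
            status, lines = _transact(sock, cmd)
            if status != 250:
                raise RuntimeError("%s failed: %s %s"
                                   % (cmd.split()[0], status, " ".join(lines)))
        _transact(sock, "QUIT\r\n")
    return True


if __name__ == "__main__":
    fps, bad = load_fingerprints(SAMPLE_LIST)
    if bad:
        raise SystemExit("unparseable lines: %r" % bad)
    # Write this to e.g. /etc/tor/exclude.conf (assumed path) and start tor
    # with: tor --defaults-torrc /etc/tor/exclude.conf -f /etc/tor/torrc
    print(torrc_fragment(fps), end="")
```

The `--defaults-torrc` route needs a restart to pick up a new list; the control-port route can re-issue `SETCONF` on a running tor. Either way the anonymity-set caveat from earlier in the message applies unchanged: the more exits a list removes, the more distinguishable the client becomes.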