[tor-relays] why are some exit IPs missing from Exit IP DB?

Tim Wilson-Brown - teor teor2345 at gmail.com
Sun Oct 11 23:41:58 UTC 2015

> On 12 Oct 2015, at 04:12, grarpamp <grarpamp at gmail.com> wrote:
>> #17297: TorCheck fails on new exit egress IP not in exit DB, confusing to user
>> https://trac.torproject.org/projects/tor/ticket/17297
> As said three days ago before OP...
> No, I'd consider it a technique to avoid having
> your exit put on braindead tor-hating consensus
> scraping blacklists... a feature not a bug... with
> the great side effect that such exits are usable to
> circumvent similar braindead / hating censorship
> directed at tor users.
> (Thus exit operators my explicitly want to set
> this up and could care less what check.tpo
> and whatever else say, or don't say, about their IP.)
> Exonerator is for operators, that's their choice there.

And law enforcement use Exonerator too.
So multihomed exit operators may have to explain/prove that their extra IP is a Tor exit (if given a chance), rather than having the authorities discover this while pulling the machine apart.

> I'd rather add a blurb on check.tpo to hit newnym
> and check again if user has reason to believe they're
> using tor than start booting relays because of this.
> (Or "fixing" exit DB / check.tpo by scanning).
> Also, it's routing / tunnelling / bind addressing
> and has nothing to do with exit policy.

As long as the operator secures the services on their machine that assume that connections from localhost are trusted, which is why exit policies have been adjusted for multihomed exits by default.


Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP 968F094B

teor at blah dot im
OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20151012/84b1637a/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 873 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20151012/84b1637a/attachment-0001.sig>

More information about the tor-relays mailing list