default exit policy (was Re: CN's nodes lookin' uncool, do they?)

Roger Dingledine arma at mit.edu
Mon Sep 17 23:23:43 UTC 2007


On Mon, Sep 17, 2007 at 05:47:51PM -0500, Kevin Smith wrote:
> Perhaps the default behavior of clicking the Vidalia Tor server button
> should be to make the server a middleman and not an exit node. Not
> only would this help reduce exit nodes in China and other countries
> where the site being requested might actually be blocked by the ISP,
> but also it would help to protect novice Tor users who want to
> contribute some bandwidth but who are unaware of the potential
> pitfalls of running an exit node.

There are two reasons that Tor's default exit policy allows some
common ports rather than denying everything:

1) The activation energy to change one thing (becoming a server) is
already very high. We don't want to make it so people need to change
two separate things to be useful to the network.

2) I've talked to a lot of people over the years who say they're happy
to run the default exit policy -- whatever it is -- but they are not
willing to run anything more permissive than the default. This is
because their ISPs are fine with the default configuration ("well,
if that's what other people run") but are not fine with changes.

See also the earlier threads on this topic:
http://archives.seul.org/or/talk/Mar-2005/threads.html#00042
http://archives.seul.org/or/talk/Apr-2005/threads.html#00049

Now, part of our solution back in 2005 was to write a nice clear comment
in the torrc file so people knew what they were getting into. I agree
that we should work on making the "make me into a server" interface in
Vidalia provide some education too. (There is a similar issue if the
user doesn't realize he might want to click on the 'Bandwidth Limits'
tab to see what that's about.) Constructive suggestions?

--Roger


