How do we defeat exit node sniffing?

[Wesley Kenzie]

I think you could make a case for trusting 1 or a handful of exit nodes, and
use ExitNodes abc and StrictExitNodes 1 to make sure you only use those for
sensitive authentication connections like you are asking about.
 
For example, do you think blutmagie is sniffing?  When it is trusted as a V2
and Hidden Service Directory Authority?
 
Or BostonUCompSci?  It would be kind of embarrassing to Boston University
wouldn't it, if they were found to be sniffing?
 
It is probably too much to expect at this point, though, that a list of
trusted exit nodes will be publicly compiled.  I think you have to do your
own investigations and come up with your own list.
 
Wesley
 

-----Original Message-----
From: owner-or-talk at freehaven.net [mailto:owner-or-talk at freehaven.net] On
Behalf Of defcon
Sent: June 5, 2008 6:36 PM
To: or-talk at freehaven.net
Subject: Re: How do we defeat exit node sniffing?


so what do you all suggest if I must authenticate to a non ssl connection?
How do I do it anonymously and safely?


On Thu, Jun 5, 2008 at 5:37 PM, Christopher Davis <loafier at gmail.com> wrote:


On Thu, Jun 05, 2008 at 05:01:34PM -0700, defcon wrote:
> What are some good ways to defeat exit node sniffing?  Is there a listing
of
> good exit nodes that do not sniff?
> Thanks,
> defcon


Prefer TLS-enabled services, and mind the authenticity of server certs.
Or use Tor hidden services.

--
Christopher Davis



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20080605/9c7291c5/attachment.htm>