Phish filters on exit nodes

Geoffrey Goodell goodell at
Sun Jun 8 18:21:14 UTC 2008

On Sun, Jun 08, 2008 at 07:10:46PM +0100, Geoff Down wrote:
> Hi,
>  I work in antiphishing, and use Tor to access some phish sites.
> Today I got an OpenDNS Phish Warning page instead of the phish I was  
> trying to see. The site was visible with Tor switched off.
>  Is there a policy regarding content filtering at exit nodes?
> I recorded the 'Connections' data at the time, is there any point in  
> trying to work out the exit node involved and trying to contact them?

It sounds to me that either the exit node or its provider has decided to
be proactive about phishing by deploying filtering technology either at
the edge or in the network, respectively.

While it is great that they have decided to fight phishing, it is
somewhat troubling that they would mess with network neutrality by
providing filtered access (if it is the exit node, then to the Tor
users, if it is the Internet access provider of the exit node, then to
its customers).

It might be interesting to coordinate with the exit node operator; some
Tor routers have email addresses in their descriptors.  See, e.g.:

and click on the nicknames of the nodes to see the descriptors.

A more general solution would be to try to understand how the service
offered by different exit nodes actually differs.  This could
potentially lead to a way in which Tor clients could make smarter
choices about their exit nodes... or perhaps a way in which Tor
directory authorities could tag them.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <>

More information about the tor-talk mailing list