An idea of non-public exit-nodes

Gregory Maxwell gmaxwell at gmail.com
Wed Nov 25 17:21:39 UTC 2009


On Tue, Nov 24, 2009 at 8:05 PM, Ted Smith <teddks at gmail.com> wrote:
> On Tue, 2009-11-24 at 19:49 -0500, Roger Dingledine wrote:
>> See especially point #1: "even if we didn't tell clients about the list of
>> relays directly, somebody could still make a lot of connections through
>> Tor to a test site and build a list of the addresses they see."
>>
>> I guess we could perhaps add support for configuring your own secret
>> exit node that your buddy runs for you. But at that point the anonymity
>> that Tor can provide in that situation gets pretty fuzzy.
>
> It's like a bridge, but for exits. They would probably have to be a lot
> less friend-to-friend than bridges, but it might still be doable. I
> think this is what the original poster meant, anyways.

So non-disclosed bridges work because the entrance node always knows who
you are, so having to arrange something with someone doesn't disclose
much more information. It doesn't disclose where you are going.

In the case of an exit, the exit knows where you're going but not who you are.
If you must arrange for access to the exit then the exit gets the opportunity
to learn who you are.  Once the exit knows who you are then the whole purpose
of Tor is defeated.

I can imagine a couple of possible cryptographic methods which would make a
private exit unusable until there is a sufficiently large clique of people
who could use the exit... but everything I can think of would be highly
vulnerable to attack by setting up additional conspiring nodes.

It seems to me that the cases where a private exit would be useful could
be equally served by running a separate Tor network.