PrivacyNow is a BadExit (was Re: PrivacyNow node has misconfigured OpenDNS account)

Scott Bennett bennett at
Thu Apr 15 06:17:09 UTC 2010

     On Wed, 14 Apr 2010 21:14:49 -0400 zzzjethro666 at wrote:
>Thanks. This brings up a couple of questions. One, The Onion Router.doc re=
>commends against choosing one's exit nodes. Is your recommendation I exclu=
>de these naughty exit nodes, that are determined as such by Tor authoritie=

     You may have missed a distinction there.  ExcludeExitNodes does not
choose your exit nodes, but rather tells your client which nodes *not*
to use.
>The .doc (Section 4.9--Can I control what nodes I use for entry/exit?), sa=
>"We don't actually recommend you use these for normal use--you get the bes=
>t security that Tor can provide when you leave the route selection to Tor.=
>" If you agree, why do you do this? I am assuming that is part of what you=
>r post implied or meant, i.e. that you do this in spite of Tor's recommend=

     There are two cases here to discuss.  The first is when one is testing
a particular exit that one suspects may be corrupted or dysfunctional in
some other way that you find unacceptable.  Until the most recent versions
of tor, one could perform such a test by choosing the exit with the .exit
notation in a host+domainname (e.g.,,
which tells the client to build a circuit that uses PrivacyNow as the exit
node.  Unfortunate (IMO), the latest versions have the support for .exit
either disabled or deleted, apparently leaving us no easy way to perform
such tests.  I've asked recently on this list whether some other easy way
were available, but have been met with silence, so I assume that there
still is none.
     The second case is when a malfunctioning exit has been affirmatively
identified.  In such a case, one should post a message either here or on
tor-relays at to notify all subscribers to the selected list.
The directory authority operators read these lists, and if they are in
agreement about your complaint, they will assign a BadExit flag to the
offending node.  While you and others wait for them to notice your message
and decide what, if anything, to do about it, you and others need a way
to enforce exclusion of that node from the circuit route selection process
for use as an exit node.  The ExcludeExitNodes statements in torrc are
used to accomplish that exclusion.  Also, sometimes the authority operators
may disagree with your evaluation of a particular case and therefore refuse
to flag the exit node with a BadExit flag in the directory.  You can still
force your own client to abide by your evaluation and decision through use
of the ExcludeExitNodes statement in torrc.  W.r.t. the documentation you
cite, it is worth noting that being far more reluctant to exclude misbehaving
nodes from use as exits was a bigger issue in the days when the tor network
only had, say, 200 or fewer exits running at any one time.  Now that there
are usually 400 - 700 exits running at any given time, there isn't much
anonymity to be preserved by allowing the use of such exits, and there may be
much to be lost, depending upon the situation.  I've accumulated a fairly
lengthy list of excluded exits, but I do go through it every year or two to
see which excluded exit nodes a) are still around and running and b) have
corrected whatever I had found objectionable, as well as c) which are no
longer around and can be eliminated from the list anyway.  When I find nodes
that are no longer a problem, I remove them from my exclusions.
>Two, in my Home Folder/Library, I have two (2), torrc files. one is torrc,=
> the other is torrc.orig.1
>The first one (torrc), has:
># This file was generated by Tor; if youedit it, comments will not be pres=

     I think the comment may be a lie.  It's most likely a torrc produced by
vidalia, not tor.  (Someone please correct me if I've forgotten some special
case in which tor does rewrite a torrc.)

># The old torrc file was renamed totorrc.orig.1 or similar, and Tor will=
> ignore it
> # If set, Tor will accept connectionsfrom the same machine (localhost onl=
># on this port, and allow thoseconnections to control the Tor process usin=
># the Tor Control Protocol (described incontrol-spec.txt).
>ControlPort 9051
># Store working data, state, keys, andcaches here.
>DataDirectory /Users/zZ/.tor/
># Where to send logging messages.  Format is minSeverity[-maxSeverity]
># (stderr|stdout|syslog|file FILENAME).
>Log notice stdout
>The second (torrc.orig.1), has nothing in it.=20
>Which should I use? And, most importantly, what exactly do I write or ente=

     Not the empty one, obviously. :-)

>r into this file?=20
>I really don't understand this: entry nodes nickname, nickname,...
>This is where one does this, is it not? Please be exact, detailed and clea=
>r. Unfortunately, what is clear to most of you goes way over my head :()

     That is why tor is distributed with a complete set of documentation.
It would be well worth your time to read it.  Remember, too, that the web
site *strongly* recommends reading much of it before you ever use tor at
all, so that you *will* have most of the understanding you say you lack.
>Do I go to Tor's list of naughty exit nodes for the addresses to input?
>I need lots of help here so I'm asking for your patience too.
     Again, tor itself maintains no such list.  The directory authority
operators are the final arbiters of BadExit flag assignment, which tor
clients are supposed to obey automatically in the route selection routines.
You, yourself, are the maintainer of your own client's ExcludeExitNodes
and ExcludeNodes lists in your torrc file.
     Meanwhile, I see that PrivacyNow still has the following flags
assigned to it in the consensus document:

s Exit Fast HSDir Named Running Stable V2Dir Valid

I ask again that the authorities quickly either assign a BadExit to that
node or, if they know how, contact its operator about the problem to get
it corrected.

                                  Scott Bennett, Comm. ASMELG, CFIAG
* Internet:       bennett at                              *
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
To unsubscribe, send an e-mail to majordomo at with
unsubscribe or-talk    in the body.

More information about the tor-talk mailing list