tracking locally originated traffic from an exit node ... ?

John Case case at SDF.LONESTAR.ORG
Tue Aug 3 20:20:25 UTC 2010

If I run a relay with no exit policy at all:

reject *:*

and I personally, as a logged-in local user of the system, initiate 
traffic (like, say, downloading the wikileaks torrent or posting on a website 
using lynx, or whatever), I suspect that traffic sticks out VERY clearly 
to an outside observer ... there's nothing but SSL encrypted traffic going 
to the ORport and DIRport, and then all of a sudden there is plain old 
HTTP going to non-tor relays.  Very clearly this is non-tor traffic and is 
"interesting" to an observer.

However, if I run a relay with a relaxed exit policy, and I, as a logged-in 
local user of the system, initiate traffic on ports that are open for 
exit, isn't that traffic very well obfuscated to an outside observer ?

Note that this is not the common "can I use fewer hops" question, which 
has the usual answer RE: correlation attacks.  That situation involves an 
observer trying to prove a positive.  This is the opposite - an outside 
observer would need to prove a negative: "this traffic I see coming out of 
the exit WAS NOT caused in any way by the tor traffic I see using it as an 

So ... if I've got a 5 or 10 Mbps exit node with a healthy list of 
connections, can I use lynx locally to browse anonymously ?

More information about the tor-talk mailing list