DuckDuckGo now operates a Tor exit enclave

Gregory Maxwell gmaxwell at gmail.com
Sat Aug 14 17:32:31 UTC 2010


On Sat, Aug 14, 2010 at 12:19 PM, morphium <morphium at morphium.info> wrote:
>> An "exit enclave" is when a service operates a Tor exit node with an
>> exit policy permitting exiting to that service. Tor will automagically
>> extend circuits built to that host from three hops to four, such that
>> your traffic will exit on localhost of the service you are intending to
>> use. This means that users will use DDG's node when building circuits
>> that terminate at duckduckgo.com or whatever.
>
> Oh cool, so I declare my Tor exit node as an enclave for
> emailProviderNotUsingHTTPS.com and can get a lot of passwords?
>
> Thats easy!
>
> I hope enclaves in that sense don't exist! I hope thats a
> misunderstanding! Such a thing would be pretty bad!

Why don't you search the archives? The exit enclave functionality has
been discussed many times.  It only happens when the service the user
is connecting to and the exit have the same IP.

Moreover, the attack you're describing already exists— though I don't
know if I should encourage people shove beans up their noses by going
into the details here.
***********************************************************************
To unsubscribe, send an e-mail to majordomo at torproject.org with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/



More information about the tor-talk mailing list