DuckDuckGo now operates a Tor exit enclave

Gregory Maxwell gmaxwell at
Sat Aug 14 17:32:31 UTC 2010

On Sat, Aug 14, 2010 at 12:19 PM, morphium <morphium at> wrote:
>> An "exit enclave" is when a service operates a Tor exit node with an
>> exit policy permitting exiting to that service. Tor will automagically
>> extend circuits built to that host from three hops to four, such that
>> your traffic will exit on localhost of the service you are intending to
>> use. This means that users will use DDG's node when building circuits
>> that terminate at or whatever.
> Oh cool, so I declare my Tor exit node as an enclave for
> and can get a lot of passwords?
> That's easy!
> I hope enclaves in that sense don't exist! I hope that's a
> misunderstanding! Such a thing would be pretty bad!

Why don't you search the archives? The exit enclave functionality has
been discussed many times.  It only happens when the service the user
is connecting to and the exit have the same IP.

Moreover, the attack you're describing already exists— though I don't
know if I should encourage people to shove beans up their noses by going
into the details here.