DuckDuckGo now operates a Tor exit enclave

Gregory Maxwell gmaxwell at gmail.com
Sun Aug 15 19:13:20 UTC 2010


On Sun, Aug 15, 2010 at 2:46 PM, Ted Smith <teddks at gmail.com> wrote:
> On Sun, 2010-08-15 at 17:40 +0200, Michael Scheinost wrote:
>> 2. Why is it offering HTTP
>> If duckduckgo.com really cares for the anonymity and privacy of its
>> users, why do they offer unencrypted HTTP?
>> Even if tor users are encouraged to use HTTPS, some of them will
>> forget doing so.
>
> There's no point in HTTPS if you're using an exit enclave. The traffic
> is encrypted in the Tor cloud, exits that cloud **on the service's
> localhost address**, and if it were encrypted, would be transmitted as
> ciphertext to the service port on the local interface.
>
> If you're proposing a threat model wherein loopback is an untrusted
> connection, you have bigger problems than, well, anything.

Except that users often won't use the exit enclave due to limitations in Tor.

The first connection to a destination will not use the exit enclave
because prior to the first connection the node will be unaware of the
destination IP and thus unaware of the existence of the enclave.

Incomplete directory information can also cause nodes to not use enclaves.

Exits with falsified DNS will cause nodes not to use enclaves.

These weaknesses could all be reduced or eliminated, but I don't think
people have cared too much about the exit enclave functionality.
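The three failure cases above (first connection before the destination IP is known, incomplete directory, falsified DNS from an exit) all come down to one client-side check: "does the IP I am about to connect to belong to a relay I know that exits to itself?" The following small model is an added illustration, not Tor's own code or anything from the thread; the relay nicknames, the `service.example` hostname, the 192.0.2.x / 198.51.100.x addresses and the two DNS answer tables are all constructed. It shows why the first circuit never hits the enclave, and why a missing descriptor or a lying exit keeps every later circuit generic too.

```python
"""Model of when a Tor client does, and does not, pick an exit enclave.

Added illustration, not Tor's implementation. The client only knows a
destination by hostname until some exit has resolved it for it; enclave
selection needs the IP, and needs that IP to match a relay in the
client's copy of the directory.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Relay:
    nickname: str
    ip: str


# Constructed directory: two ordinary exits plus the service's own enclave relay.
SERVICE_HOST = "service.example"               # hypothetical service name
ENCLAVE = Relay("ServiceExit", "192.0.2.10")   # constructed relay address
FULL_DIRECTORY = (Relay("ExitA", "192.0.2.1"), Relay("ExitB", "192.0.2.2"), ENCLAVE)
PARTIAL_DIRECTORY = FULL_DIRECTORY[:2]         # client never fetched the enclave's descriptor

HONEST_DNS = {SERVICE_HOST: "192.0.2.10"}      # answer a truthful exit returns
LYING_DNS = {SERVICE_HOST: "198.51.100.7"}     # constructed falsified answer from a bad exit


@dataclass
class Client:
    directory: tuple                              # relays this client has descriptors for
    dns_cache: dict = field(default_factory=dict)  # hostname -> IP learned from earlier circuits

    def choose_exit(self, hostname):
        """Return 'enclave:<nick>' if the known destination IP is a relay, else 'generic'."""
        ip = self.dns_cache.get(hostname)
        if ip is None:
            # First contact: no IP yet, so there is nothing to match against the directory.
            return "generic"
        for relay in self.directory:
            if relay.ip == ip:
                return f"enclave:{relay.nickname}"
        # IP known but not listed as a relay: either the directory is incomplete
        # or the cached answer was wrong, so a generic exit is used.
        return "generic"


def connect(client, hostname, exit_dns):
    """One connection: pick the circuit from current knowledge, then learn the IP the exit reports."""
    route = client.choose_exit(hostname)
    client.dns_cache[hostname] = exit_dns[hostname]  # whatever the exit resolved, honest or not
    return route


def first_then_second(directory, exit_dns):
    """Routes chosen for two consecutive connections to the same service."""
    client = Client(directory=directory)
    return [connect(client, SERVICE_HOST, exit_dns) for _ in range(2)]


if __name__ == "__main__":
    print("full directory, honest DNS :", first_then_second(FULL_DIRECTORY, HONEST_DNS))
    print("missing enclave descriptor :", first_then_second(PARTIAL_DIRECTORY, HONEST_DNS))
    print("full directory, lying exit :", first_then_second(FULL_DIRECTORY, LYING_DNS))
```

Only the first scenario ever reaches the enclave, and even there the very first connection goes through an ordinary exit in the clear, which is the gap the HTTPS question in the thread is really about. In the other two scenarios the plaintext leg through a third-party exit is not a one-off but the steady state.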