Is "gatereloaded" a Bad Exit?

Mike Perry mikeperry at fscked.org
Mon Jan 31 04:54:28 UTC 2011 

Thus spake morphium (morphium at morphium.info):

> 2011/1/30 Damian Johnson <atagar1 at gmail.com>:
> > The five relays Mike mentioned have been flagged as BadExits [1].
> > Adding them to your ExcludeExitNodes isn't necessary. -Damian
> 
> That was really dumb, as it puts a lot more load on the Nodes that
> support encryption, and, as was mentioned before, _every_ operator
> could sniff.

There is no rational reason to carry the unencrypted version of a
service but not the encrypted version, except to log data. So unless
these 5 nodes were all just playing their favorite lotto numbers in
their exit policy, they were being jerks.

I am aware that every operator can sniff regardless of policy. Every
operator can do a lot of things. The fact that even good exit policies
can do bad things is not a necessary condition for allowing bad exit
policies.

Frankly, this in-your-face selfishness of *only* accepting the
unencrypted data because "fuck it, that's the only data I want to log"
just rubs me the wrong way. Not one of those 5 had legit contact info.
Two of them actually bothered to fill out the field, but filled it in
with a fake email address. 

All of them just wreak of disrespect for us, for the network, and for
our users. Essentially, it's that disrespect that earned them the
BadExit flag.

If this means that sending the message to them means we take out a few
irrational actors in the process, that's fine. I don't much want
people playing lotto in their exit policies either. They can stick to
middle node and put their lotto numbers in their contact info. I
promise that it will work just as well.

> I will change my Exit Policy now to something like 80, 6667, 21 and if
> you BadExit it, you'll loose another fast node.

*sigh*. And so the cat herding begins. Are you really protesting this
policy decision with civil disobedience? Really? Fighting for Great
Justice everywhere, eh?

Do you have a rational reason why we should allow people to carry the
unencrypted version of a service but not the encrypted one, other than
"Well, they could be bad actors even with a good policy!"

Or is it just because you feel that someone told to do something and
you don't much like being told what to do, regardless of the
reasoning?

I forbid you from jumping in the nearest lake!

I also forbid you from taking your freshly-gimped exit node in for a
swim with you!


-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20110130/7e9fc2d1/attachment.pgp>

More information about the tor-talk mailing list