[tor-talk] safety of exit nodes

Jimmy Chen me at jimmychen.com
Tue Jul 2 01:59:31 UTC 2013 

There are malicious TOR Nodes, and you can't stop that from happening. But
it is up to the service providers to enable encryption on their servers,
removing the possibility that such data can be intercepted. You shouldn't
trust your information to be sent through a plaintext protocol to begin
with, and any provider that doesn't offer a SSL-enabled service (either
required or optional), probably isn't worth your time when using TOR
anyways.

Even if TOR did certify exit nodes, who would be in charge of
certification? What if someone wanted to be anonymous during such process?
How many exits and relays would be backlogged, and what could we do to
solve a shortage of TOR Nodes? What's stopping someone from making a
legitimate TOR exit, getting it certified and then turning malicious when
the process is done? Wouldn't a thorough certification just discourage
people from running such nodes?

Heck, what would happen when a certification is violated? Would I get
$10,000 like with the SSL certificates being issued?

Nothing's stopping you from selecting a TOR Node you trust either, it's
just a line of parameter.

If you want your exit nodes to be certified, it's probably best at this
time, to use JAP instead of TOR.


On Mon, Jul 1, 2013 at 4:39 PM, <anonymous.coward at posteo.de> wrote:

> Hi there,
>
> I have a concern regarding exit nodes in Tor. In my mind it is possible
> for an attacker to run a malicious exit server that gathers information at
> the exit point. Of course, this does not compromise anonymity per se, but
> it still can reveal sensitive data to malicious people. I think the
> JonDonym project handles this question better. To run a JonDonym exit
> server you need to be certified. Thus it is much harder to run a malicious
> JonDonym exit server. Why don´t you offer better protection against
> malicious exit servers? I think safety of exit nodes is a serious concern.
>
> Thanks
> Hans-Rüdiger
>
> ______________________________**_________________
> tor-talk mailing list
> tor-talk at lists.torproject.org
> https://lists.torproject.org/**cgi-bin/mailman/listinfo/tor-**talk<https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>
>

More information about the tor-talk mailing list