[tor-talk] Vidalia: Default relay policy => exit node

Arian Sanusi arian at sanusi.de
Tue Jul 30 10:16:18 UTC 2013


Hi All,

TL;DR: it is too easy to run an exit node. Make it impossible to accidentally operate one.

If this discussion happened before: Sorry, did not find it.

I know that exit nodes are more or less relay nodes that also allow traffic out of the tor network. On a technical level. But the "real-world" implications are much more severe. Exit node operators should really know of the possible implications of their doing. But at the moment, in Vidalia one only needs to change "Run as client only" to "Relay traffic for the tor network". In torrc I think you only need to uncomment the ORPort setting and forget to uncomment the "reject *:*".

I cannot think of a talk or documentation I came across that does not distinguish between exit node and relay node. The implications are totally different. Why does the configuration break with this?

I suggest making it impossible to run an exit node accidentally. Something along the lines of "sha1sum the configuration file and add 'ExitNode `sha1sum torrc`'". IFF the sha1sums match, allow something other than "reject *:*". tor must exclude the ExitNode line to allow matching, obviously.

Background: I recently organized a cryptoparty. One of the participants who used Tor for the first time decided to run a tor relay. I noticed that he'd run an exit node by sheer chance. Shit like this is why we can't have nice things.

regards Arian
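
The confirmation scheme proposed in the message above, sketched as an added example that is not part of the original post and is not Tor or Vidalia code. `ExitNode` is the poster's hypothetical directive (not a real Tor option), and treating a relay with no active `ExitPolicy` line as exit-enabled follows the post's description of torrc.

```python
import hashlib

CONFIRM_KEY = "ExitNode"  # hypothetical directive from the post, not a real Tor option

def directives(torrc_text):
    """Yield (keyword, value) for each active (non-comment) torrc line."""
    for raw in torrc_text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if parts:
            yield parts[0], (parts[1].strip() if len(parts) > 1 else "")

def config_digest(torrc_text):
    """SHA-1 of the file with the confirmation line itself excluded."""
    kept = [l for l in torrc_text.splitlines() if l.split()[:1] != [CONFIRM_KEY]]
    return hashlib.sha1("\n".join(kept).encode()).hexdigest()

def wants_exit(torrc_text):
    """True if this is a relay whose policy does not start with 'reject *:*'."""
    conf = list(directives(torrc_text))
    is_relay = any(k.lower() == "orport" for k, _ in conf)
    rules = [r.strip() for k, v in conf if k.lower() == "exitpolicy"
             for r in v.split(",")]
    return is_relay and (not rules or rules[0] != "reject *:*")

def effective_mode(torrc_text):
    """Return 'exit' only when the operator confirmed this exact configuration."""
    if not wants_exit(torrc_text):
        return "non-exit"
    confirmed = [v.lower() for k, v in directives(torrc_text) if k == CONFIRM_KEY]
    if confirmed and confirmed[-1] == config_digest(torrc_text):
        return "exit"
    return "forced-non-exit"  # behave as if 'reject *:*' were set, as proposed

# Constructed samples: ORPort uncommented, reject line left commented out.
ACCIDENTAL = "ORPort 9001\n#ExitPolicy reject *:*\n"
CONFIRMED = ACCIDENTAL + CONFIRM_KEY + " " + config_digest(ACCIDENTAL) + "\n"
EDITED = CONFIRMED.replace("ORPort 9001", "ORPort 443")  # later edit, stale digest

if __name__ == "__main__":
    for name, cfg in [("accidental", ACCIDENTAL), ("confirmed", CONFIRMED),
                      ("edited", EDITED)]:
        print(name, "->", effective_mode(cfg))
```

Because the digest covers every other line, any later edit to the file invalidates the confirmation and the relay drops back to non-exit until the operator re-confirms.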
