[tor-talk] A possible way to make end-users to contribute to Tor exit traffic

[krishna e bera]

On 02/07/2016 07:25 AM, nusenu wrote:
> Fabio Pietrosanti (naif) - lists:
>>>> - it is *not* a good idea to run exits from your home (limited exit
>>>> policies are no guarantee for no troubles)
>> It depends only on how finely we can be capable of precisely defining
>> the destinations to which you're sending your Tor exit traffic.
>>
>> If i get all the Google's IP of their 17 Autonomous System and will only
>> enable that configured in an Exit Policy, do you expect to receive abuse
>> requests from Google? I don't think so.
> 
> I wouldn' worry that these users - actually their ISPs - get abuse spam
> by Google but more the 'LEA / court order asking Google: Which IP was
> sending that email?'
> type of scenario.

More importantly, anytime a user logs into any Google account via a Tor
exit noe, they run the risk of that "something suspicious" screen and a
demand from Google that they verify their account using a different
means such as SMS or voice.  Many users will not have a voice or SMS
service handy to verify with.
If their normal home connection becomes known as an exit node, users
could be very much inconvenienced, and not just when accessing Google.
It does not matter if the exit node was ever implicated in some abuse -
merely being listed is enough to get banned from many websites and other
services such as IRC.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 465 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20160207/83942193/attachment.sig>