[tor-talk] On further minimizing harassment for Tor Exit Nodes

[s7r]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Altering Tor's path selection is something we shouldn't play with
until we have concrete papers that suggest it is wrong. As Moritz
said, having a GeoIP database to make path selection changes is
probably a terrible idea, due that such databases are by design not
100% accurate and subject to constant change. Such a behavior will
also alter anonymity in an unknown (I think bad) way.

Anyway, your suggestion might actually happen automatically along with
a more important fix, which is AS aware path selection. This is non
trivial work and will probably take some time, but it's not unknown
and people are looking into it.


On 1/2/2016 10:37 PM, Moritz Bartl wrote:
> On 01/02/2016 06:46 PM, Fabio Pietrosanti (naif) - lists wrote:
>> The worst risks is usually considered "being waked up at 6.00am
>> in the morning by authorities" but there's no specific provision
>> on reducing that risks.
>> 
>> The guidelines "Tips for Running an Exit Node with Minimal
>> Harassment" 
>> https://blog.torproject.org/blog/tips-running-exit-node-minimal-harassment
>>
>> 
does not cover specifically this kind of risk.
> 
> Well, we do have "whois reassignment" and "create an organization"
> and other things like that in the guidelines that are also aimed at
> reducing this risk. 
> https://trac.torproject.org/projects/tor/wiki/doc/TorExitGuidelines
>
> 
>> We could trigger that if a Tor Exit operator would be able to
>> have an ExitPolicy that deny traffic going to the destination IPs
>> of the country where it's located, leading any kind of abuses to
>> be originated because of Tor Exit traffic flowing to a foreign
>> country.
> 
> You can achieve something similar by placing your relay in a
> country other than your own, without the need of complicated
> rulesets.
> 
> The only way I can see to try and achieve this would be GeoIP
> databases. You know as much as I do that geoIP databases are very
> rough at best, and I don't see how you would keep a geoIP database
> current across the whole network. In practice, if you don't want to
> drop certain requests as an exit, you cannot make it more than a
> "wish" of the exit relay that a client may still violate. In many
> cases Tor already comes with or suggests a GeoIP database (Tor
> Browser, relays).
> 
> Another argument for your suggestion would be that some day,
> traffic in or to certain countries will be more troublesome than to
> others. Something like this could also be used to influence your
> peering/transit ratio to arrange cheaper deals.
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBCAAGBQJWiSXrAAoJEIN/pSyBJlsRgZkIALnF59sE8m7BqwF3gpJg3Q+D
EaS91NDftRwF8AJgte074tcPPONvABesmL5gWEs7CaslbQJSg/7cfQ0fekeP9l43
T1mgzAe8+TQS/4Vy9VzVjoh1trnmmzyb1yOzCsozciH/JzZ7kBxVsExh6rqTlZ4C
VDxcspfIv4Db92+acXR0Rk8sZc2SPxbMemHsGYJZWIwDmUv+7ksG1AJH9XAlPsmA
+o3NRn4PzCekxfFHW7Gyy2Ia/BWqL1jlhj1ODSwSyZeipfnBBdBqmgFfkbiOvkcN
VmLKkh6xcFZC8ViT68t9JXVmYivJpO/nwtHOsznsDaJpJrEI8fB3Zs5C3Wu8FvI=
=U024
-----END PGP SIGNATURE-----