[tor-talk] Private Exits

Dave Warren dw at thedave.ca
Fri Jul 10 02:50:19 UTC 2020


On Sun, Jun 28, 2020, at 23:49, mpan wrote:
> > The Tor network with Private Exits:
> > Alice uses Tor Browser to connect to myexit.onion.
> > Tor Browser connects to a guard node, then a middle node, then to
> > myexit.onion. myexit.onion provides a portal to the internet via a web
> > interface similar to a VNC session. myexit.onion is not recognized as a
> > Tor exit node and Alice can then go to mywebsite.com without any extra
> > harassment. […]
>  (If I understand that correctly)
> 
> 
>  If the “private exit node” belongs to Alice, then it is no longer
> anonymizing her. 

Correct. This is not the only reason to use tor.


> It’s no different than Alice running a VPN service for
> herself, except it’s very convoluted and wastes resources on hopping
> through Tor for no gain. Similar story with multi-user tor relay from
> some company: the users are not anonymous to the provider, so any
> anonymization layer between them and the final relay is useless.

There actually are some benefits. And of course, some costs/risks.

If I subscribe to a commercial VPN, what are the odds that any other customer of that same VPN is using the same last-mile connectivity/wifi as myself? The situation gets worse if I connect to my corporate VPN service, or run my own VPN endpoint.

Unless there are any other users of the same VPN service, I can be tracked as I move between networks, even if I randomize my MAC address or use burner hardware.

Even if there are other users of that same VPN server, are they configured identically? Does the VPN protocol exchange credentials or certificates securely? Is there any other uniqueness in the initial VPN handshake? Has the VPN service modified their defaults over time, meaning that the date I downloaded my configuration file from the provider dictates my settings, providing a further fingerprint? Is my VPN client version unique?

By routing the first hop through tor, I am not consistently connecting to one single endpoint, and I blend into the background with other tor users.


>  This idea is also usable right now without any changes to Tor. Alice
> may set up her own proxy and connect to it through Tor. But it offers no
> protection. 

If it were me, I think I would set up a tor hidden service and run a proxy on the .onion to complete the final connection to the internet, either as a proxy or a VPN endpoint.


