Exit node problem

Posted Jun 9, 2011 11:25 UTC (Thu) by rwmj (subscriber, #5474)
Parent article: Phantom: Decentralized anonymous networking

The exit node problem (in Tor) could be solved by allowing exit nodes to whitelist IP addresses they allow. (The protocol would no longer be exactly Tor because the whitelist would have to be propagated out so that at the point of entry you can choose which subset of exit nodes to use.)

For example, I would happily run a Tor exit node that would only access bbc.co.uk servers.

The point of this change would be that it could massively increase adoption of Tor and meet the political ends of this tool, because there is next to no risk to running an exit node. It would still allow people to run unrestricted exit nodes if they wanted, and others to use them, so no one's freedom is restricted by this.



Exit node problem

Posted Jun 10, 2011 21:39 UTC (Fri) by Creideiki (subscriber, #38747) [Link]

Isn't this what exit policies have always done?

Exit node problem

Posted Jun 10, 2011 22:06 UTC (Fri) by rwmj (subscriber, #5474) [Link]

I always understood that exit policies were just to prevent people connecting to port 25 (to send spam) or "private" (to attack your RFC 1918 private network). I've just checked the manual and I'm actually still unclear on whether they can be used for what I suggested ...

Maybe a Tor expert can help here.

Exit node problem

Posted Jun 10, 2011 22:12 UTC (Fri) by Creideiki (subscriber, #38747) [Link]

I'm no expert, but seeing as the manual says
For example, "accept 18.7.22.69:*,reject 18.0.0.0/8:*,accept *:*" would reject any traffic destined for MIT except for web.mit.edu, and accept anything else.
I don't understand what you think is lacking.
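
Added example, not part of the original thread and not Tor's own code: a small Python evaluator for the first-match-wins rule order that the manual excerpt quoted above relies on, run against that excerpt and against a whitelist-style policy of the kind discussed in this thread. The function names, the ADDR:PORT-only parsing (IPv4, no "private" alias) and the 192.0.2.0/24 documentation range standing in for a single allowed site are assumptions.

```python
import ipaddress

# Policy string quoted from the Tor manual in the comment above.
MIT_EXAMPLE = "accept 18.7.22.69:*,reject 18.0.0.0/8:*,accept *:*"
# Constructed whitelist policy: 192.0.2.0/24 (RFC 5737 documentation range)
# stands in for the networks of the one site the operator wants to allow.
WHITELIST = "accept 192.0.2.0/24:80,accept 192.0.2.0/24:443,reject *:*"


def parse_policy(policy):
    """Parse 'accept|reject ADDR[/MASK]:PORT,...' into ordered rules.

    Simplification (assumption): every entry carries an explicit ':PORT',
    where PORT is '*', a single port or a 'MIN-MAX' range.
    """
    rules = []
    for item in policy.split(","):
        action, pattern = item.split()
        if action not in ("accept", "reject"):
            raise ValueError(f"unknown action: {action}")
        addr, _, port = pattern.rpartition(":")
        # None means "any address"; a bare address becomes a /32 network.
        net = None if addr == "*" else ipaddress.ip_network(addr, strict=False)
        if port == "*":
            lo, hi = 1, 65535
        else:
            lo_s, _, hi_s = port.partition("-")
            lo, hi = int(lo_s), int(hi_s or lo_s)
        rules.append((action, net, lo, hi))
    return rules


def evaluate(rules, dest_ip, dest_port):
    """Return the action of the first matching rule, or None if none match.

    None means the listed rules did not decide; Tor would then fall through
    to its default exit policy, which this sketch does not model.
    """
    ip = ipaddress.ip_address(dest_ip)
    for action, net, lo, hi in rules:
        if (net is None or ip in net) and lo <= dest_port <= hi:
            return action
    return None


if __name__ == "__main__":
    for ip, port in [("18.7.22.69", 80), ("18.9.9.9", 80), ("8.8.8.8", 443)]:
        print("manual example", ip, port, evaluate(parse_policy(MIT_EXAMPLE), ip, port))
    for ip, port in [("192.0.2.10", 443), ("192.0.2.10", 25), ("198.51.100.1", 80)]:
        print("whitelist", ip, port, evaluate(parse_policy(WHITELIST), ip, port))
```

Rule order is the whole mechanism: moving "reject 18.0.0.0/8:*" ahead of the single-host accept would block that host too, and a whitelist only works as one if it ends in "reject *:*".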

Exit node problem

Posted Jun 10, 2011 22:18 UTC (Fri) by rwmj (subscriber, #5474) [Link]

Right, but if I go to the bother of finding out and listing all the BBC's networks (in itself an ever-changing task), and list them in a long series of 'accept' statements, do those get properly propagated out to the directory?

The manual is unclear. It says that (some?) exit policies are propagated out. Long complex lists? It doesn't seem to be the intended use of this feature.

I'd want to hear it from a Tor developer, one way or the other.

Exit node problem

Posted Jun 13, 2011 19:04 UTC (Mon) by adisaacs (subscriber, #53996) [Link]

I'm not a Tor developer, but I follow the mailing lists somewhat.

IIUC, every unique exit policy must be propagated out in the consensus. Adding thousands of unique exit policies (one per "custom" exit node) would make the Tor consensus grow quite large, which would slow down the entire network. I *think* (not entirely certain) that end user nodes have to retrieve the consensus before establishing circuits, so it would slow down Tor startup for all users.

If I understand correctly, then it wouldn't scale for every exit node to pick its own set of allowed IPs.

Besides, how would you decide what networks to exit for? Just BBC? Do you want to allow CNN as well? How about Wikipedia?

Exit node problem

Posted Jun 13, 2011 19:34 UTC (Mon) by rwmj (subscriber, #5474) [Link]

Since the issue is I could well be arrested and have all my computer equipment seized if someone used Tor to access child porn or terrorist material from my network, I'd want to choose sites that wouldn't contain this. And I would like to push the political objectives of Tor without letting people do things that I don't approve of (it's my network access after all). So in my case it'd just be the BBC networks.

Exit node problem

Posted Jul 16, 2011 15:07 UTC (Sat) by fuhchee (subscriber, #40059) [Link]

"So in my case it'd just be the BBC networks."

OK, but why would someone want to use tor to access the bbc?

Exit node problem

Posted Jul 17, 2011 17:42 UTC (Sun) by anselm (subscriber, #2796) [Link]

AFAIR, the BBC's back content is officially only available to people with a paid-up British television licence. Since you can't get a British television licence unless you're in the UK, the BBC, maybe understandably, restricts access to the relevant servers to clients with an IP address that is located in the UK.

There seems to be a market for UK-based proxy servers especially to allow people from outside the UK to get at the BBC servers. Presumably using a Tor exit node inside the UK would also do the trick.

Personally I'd be happy to pay the Beeb to be allowed to access their programming from here in Germany. For all the griping the Brits do about the BBC, much of what they're broadcasting is still way better than the vile stuff we're stuck with hereabouts.

Exit node problem

Posted Jul 17, 2011 18:41 UTC (Sun) by fuhchee (subscriber, #40059) [Link]

"AFAIR, the BBC's back content is officially only available to people with a paid-up British television licence."

That's true, but there are two problems with that. I'm pretty sure rwmj is not interested in becoming a high-bandwidth multimedia proxy. Also, it is somewhat likely that he is not interested in assisting vicarious copyright infringement.

Exit node problem

Posted Jul 17, 2011 23:21 UTC (Sun) by mjg59 (subscriber, #23239) [Link]

The current legal state is that you only need a license to watch the BBC's live streams, not the back content. http://iplayerhelp.external.bbc.co.uk/help/playing_tv_pro... has more on this.

Exit node problem

Posted Jul 18, 2011 7:12 UTC (Mon) by anselm (subscriber, #2796) [Link]

OK, but you can still only get at the BBC's back content from UK-based IP addresses (for the time being, anyway). So there's a certain demand for shady arrangements that let people appear to be in the UK when in reality they aren't.

Exit node problem

Posted Jun 16, 2011 6:23 UTC (Thu) by eduperez (guest, #11232) [Link]

The "exit node problem" in TOR is, AFAIK, not what you describe (node operators facing problems because of the actions of TOR users), but the ability of "rogue" operators to eavesdrop on any traffic leaving their node.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.