Not logged in
Log in now
Create an account
Subscribe to LWN
LWN.net Weekly Edition for May 16, 2013
A look at the PyPy 2.0 release
PostgreSQL 9.3 beta: Federated databases and more
LWN.net Weekly Edition for May 9, 2013
(Nearly) full tickless operation in 3.10
Isn't this what exit policies have always done?
Exit node problem
Posted Jun 10, 2011 22:06 UTC (Fri) by rwmj (subscriber, #5474)
Maybe a Tor expert can help here.
Posted Jun 10, 2011 22:12 UTC (Fri) by Creideiki (subscriber, #38747)
For example, "accept 18.104.22.168:*,reject 22.214.171.124/8:*,accept *:*" would reject any traffic destined for MIT except for web.mit.edu, and accept anything else.
Posted Jun 10, 2011 22:18 UTC (Fri) by rwmj (subscriber, #5474)
The manual is unclear. It says that (some?) exit policies are propagated out. Long complex lists? It doesn't seem to be the intended use of this feature.
I'd want to hear it from a Tor developer, one way or the other.
Posted Jun 13, 2011 19:04 UTC (Mon) by adisaacs (subscriber, #53996)
IIUC, every unique exit policy must be propagated out in the consensus. Adding thousands of unique exit policies (one per "custom" exit node) would make the Tor consensus grow quite large, which would slow down the entire network. I *think* (not entirely certain) that end user nodes have to retrieve the consensus before establishing circuits, so it would slow down Tor startup for all users.
If I understand correctly, then it wouldn't scale for every exit node to pick its own set of allowed IPs.
Besides, how would you decide what networks to exit for? Just BBC? Do you want to allow CNN as well? How about Wikipedia?
Posted Jun 13, 2011 19:34 UTC (Mon) by rwmj (subscriber, #5474)
Posted Jul 16, 2011 15:07 UTC (Sat) by fuhchee (subscriber, #40059)
OK, but why would someone want to use tor to access the bbc?
Posted Jul 17, 2011 17:42 UTC (Sun) by anselm (subscriber, #2796)
AFAIR, the BBC's back content is officially only available to people with a paid-up British television licence. Since you can't get a British television licence unless you're in the UK, the BBC, maybe understandably, restricts access to the relevant servers to clients with an IP address that is located in the UK.
There seems to be a market for UK-based proxy servers especially to allow people from outside the UK to get at the BBC servers. Presumably using a Tor exit node inside the UK would also do the trick.
Personally I'd be happy to pay the Beeb to be allowed to access their programming from here in Germany. For all the griping the Brits do about the BBC, much of what they're broadcasting is still way better than the vile stuff we're stuck with hereabouts.
Posted Jul 17, 2011 18:41 UTC (Sun) by fuhchee (subscriber, #40059)
That's true, but there are two problems with that. I'm pretty sure rwmj is not interested in become a high-bandwidth multimedia proxy. Also, it is somewhat likely that he is not interested in assisting vicarious copyright infringement.
Posted Jul 17, 2011 23:21 UTC (Sun) by mjg59 (subscriber, #23239)
Posted Jul 18, 2011 7:12 UTC (Mon) by anselm (subscriber, #2796)
OK, but you can still only get at the BBC's back content from UK-based IP addresses (for the time being, anyway). So there's a certain demand for shady arrangements that let people appear to be in the UK when in reality they aren't.
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds