LWN: Comments on "Phantom: Decentralized anonymous networking"

Exit node problem

anselm — Mon, 18 Jul 2011 07:12:13 +0000

OK, but you can still only get at the BBC's back content from UK-based IP addresses (for the time being, anyway). So there's a certain demand for shady arrangements that let people appear to be in the UK when in reality they aren't.

Exit node problem

mjg59 — Sun, 17 Jul 2011 23:21:12 +0000

The current legal state is that you only need a license to watch the BBC's live streams, not the back content. http://iplayerhelp.external.bbc.co.uk/help/playing_tv_pro... has more on this.

Exit node problem

fuhchee — Sun, 17 Jul 2011 18:41:58 +0000

"AFAIR, the BBC's back content is officially only available to people with a paid-up British television licence."

That's true, but there are two problems with that. I'm pretty sure rwmj is not interested in become a high-bandwidth multimedia proxy. Also, it is somewhat likely that he is not interested in assisting vicarious copyright infringement.

Exit node problem

anselm — Sun, 17 Jul 2011 17:42:18 +0000

AFAIR, the BBC's back content is officially only available to people with a paid-up British television licence. Since you can't get a British television licence unless you're in the UK, the BBC, maybe understandably, restricts access to the relevant servers to clients with an IP address that is located in the UK.

There seems to be a market for UK-based proxy servers especially to allow people from outside the UK to get at the BBC servers. Presumably using a Tor exit node inside the UK would also do the trick.

Personally I'd be happy to pay the Beeb to be allowed to access their programming from here in Germany. For all the griping the Brits do about the BBC, much of what they're broadcasting is still way better than the vile stuff we're stuck with hereabouts.

Exit node problem

fuhchee — Sat, 16 Jul 2011 15:07:21 +0000

"So in my case it'd just be the BBC networks."

OK, but why would someone want to use tor to access the bbc?

Phantom: Decentralized anonymous networking

jo42 — Sat, 18 Jun 2011 21:47:23 +0000

> Also unlike Tor, it is the endpoint that chooses its routing path, rather than the network making those decisions.

Are you saying that the inner nodes of the Tor network choose the route through the Tor network? To my knowledge this is wrong. The Tor client, i.e. the endpoint, chooses the Tor hopes to the exit node.

Phantom: Decentralized anonymous networking

wtanksleyjr — Thu, 16 Jun 2011 18:24:15 +0000

If the sending node gets to choose the exitpoint, are sideband information leaks possible -- for example, can I send a ping through this to my own server and set its exit point to one of a set of nodes I suspect is someone I'm trying to track down?

Exit node problem

eduperez — Thu, 16 Jun 2011 06:23:32 +0000

The "exit node problem" in TOR is, AFAIK, not what you describe (node operators facing problems because of the actions of TOR users), but the ability of "rogue" operators to eavesdrop any traffic leaving their node.

Exit node problem

rwmj — Mon, 13 Jun 2011 19:34:42 +0000

Since the issue is I could well be arrested and have all my computer equipment seized if someone used Tor to access child porn or terrorist material from my network, I'd want to choose sites that wouldn't contain this. And I would like to push the political objectives of Tor without letting people do things that I don't approve off (it's my network access after all). So in my case it'd just be the BBC networks.

Exit node problem

adisaacs — Mon, 13 Jun 2011 19:04:43 +0000

I'm not a Tor developer, but I follow the mailing lists somewhat.

IIUC, every unique exit policy must be propagated out in the consensus. Adding thousands of unique exit policies (one per "custom" exit node) would make the Tor consensus grow quite large, which would slow down the entire network. I *think* (not entirely certain) that end user nodes have to retrieve the consensus before establishing circuits, so it would slow down Tor startup for all users.

If I understand correctly, then it wouldn't scale for every exit node to pick its own set of allowed IPs.

Besides, how would you decide what networks to exit for? Just BBC? Do you want to allow CNN as well? How about Wikipedia?

Exit node problem

rwmj — Fri, 10 Jun 2011 22:18:32 +0000

Right, but if I go to the bother of finding out and listing all the BBC's networks (in itself an ever-changing task), and list them in a long series of 'accept' statements, do those get properly propagated out to the directory?

The manual is unclear. It says that (some?) exit policies are propagated out. Long complex lists? It doesn't seem to be the intended use of this feature.

I'd want to hear it from a Tor developer, one way or the other.

Exit node problem

Creideiki — Fri, 10 Jun 2011 22:12:53 +0000

I'm no expert, but seeing as the manual says

For example, "accept 18.7.22.69:*,reject 18.0.0.0/8:*,accept *:*" would reject any traffic destined for MIT except for web.mit.edu, and accept anything else.

I don't understand what you think is lacking.

Exit node problem

rwmj — Fri, 10 Jun 2011 22:06:13 +0000

I always understood that exit policies were just to prevent people connecting to port 25 (to send spam) or "private" (to attack your RFC 1918 private network). I've just checked the manual and I'm actually still unclear on whether they can be used for what I suggested ...

Maybe a Tor expert can help here.

Exit node problem

Creideiki — Fri, 10 Jun 2011 21:39:19 +0000

Isn't this what exit policies have always done?

Phantom: Decentralized anonymous networking

spaetz — Thu, 09 Jun 2011 21:14:44 +0000

Nice intro to phantom, but it left me wondering how it compares to things such as I2P or gnunet. I2P sounds like it solves quite the same issues in very similar ways.

Stupid non-free license

debacle — Thu, 09 Jun 2011 15:57:24 +0000

It would be nice, if they could at least dual-license the software with GPL3 or whatever.

Exit node problem

rwmj — Thu, 09 Jun 2011 11:25:44 +0000

The exit node problem (in Tor) could be solved by allowing exit nodes to whitelist IP addresses they allow. (The protocol would no longer be exactly Tor because the whitelist would have to be propagated out so that at the point of entry you can choose which subset of exit nodes to use)

For example, I would happily run a Tor exit node that would only access bbc.co.uk servers.

The point of this change would be that it could massively increase adoption of Tor and meet the political ends of this tool, because there is next to no risk to running an exit node. It would still allow people to run unrestricted exit nodes if they wanted, and others to use them, so no one's freedom is restricted by this.

Stupid non-free license

SLi — Thu, 09 Jun 2011 07:09:16 +0000

Argh, the HESSLA is a prime example of stupid license proliferation that will not do any good (it's unlikely that governments that violate human rights will be discouraged from using the software because the license says so) and adds to the already horrible incompatible license mess.